Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot

GHSA-wq95-wr7m-26h4

Published Oct 6, 2025 · Modified Oct 8, 2025

Description

This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references.

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

Ready to move

Free, no credit card | First findings in minutes