Vulnerabilities > Flowiseai > Flowise > 1.8.2

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-9148 Cross-site Scripting vulnerability in Flowiseai Embed and Flowise
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
network
low complexity
flowiseai CWE-79
6.1
6.1
2024-08-27 CVE-2024-8181 Improper Authentication vulnerability in Flowiseai Flowise 1.8.2
An Authentication Bypass vulnerability exists in Flowise version 1.8.2.
network
low complexity
flowiseai CWE-287
8.1
8.1
2024-08-27 CVE-2024-8182 Unspecified vulnerability in Flowiseai Flowise 1.8.2
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.
network
low complexity
flowiseai
7.5
7.5