CVE-2025-29192
published 2025-10-06CVE-2025-29192: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
PriorityP426medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.37%
29.2th percentile
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | < 3.0.5 | 3.0.5 |
| flowiseai | flowise | >= 0 < 3.0.5 | 3.0.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Flowise Stored XSS vulnerability through logs in chatbot
osv·2025-10-03
CVE-2025-29192 [MEDIUM] Flowise Stored XSS vulnerability through logs in chatbot
Flowise Stored XSS vulnerability through logs in chatbot
### Description
In the chat log, tags like input and form are allowed. This makes a potential vulnerability where an attacker could inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information with stored Cross Site Scripting.
### PoC
```html
```
If the above HTML code is entered, a very large img gets injected into the log. When an admin clicks the generated img, it alerts ‘XSS!!!’. It means stored xss is able in the chatbot.
```html
?passwd=' + encodeURIComponent(localStorage.getItem('password'));" />
```
So when an admin clicks the img that generated by above html code, it sends a request, including creden
GHSA
Flowise Stored XSS vulnerability through logs in chatbot
ghsa·2025-10-03
CVE-2025-29192 [MEDIUM] CWE-79 Flowise Stored XSS vulnerability through logs in chatbot
Flowise Stored XSS vulnerability through logs in chatbot
### Description
In the chat log, tags like input and form are allowed. This makes a potential vulnerability where an attacker could inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information with stored Cross Site Scripting.
### PoC
```html
```
If the above HTML code is entered, a very large img gets injected into the log. When an admin clicks the generated img, it alerts ‘XSS!!!’. It means stored xss is able in the chatbot.
```html
?passwd=' + encodeURIComponent(localStorage.getItem('password'));" />
```
So when an admin clicks the img that generated by above html code, it sends a request, including creden
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-06
Published