CVE-2025-49149 – Dify Cross-Site Scripting (XSS) Vulnerability

June 17, 2025

CVE ID : CVE-2025-49149

Published : June 17, 2025, 11:15 p.m. | 1 hour, 32 minutes ago

Description : Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleClair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Next Article Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-49149 – Dify Cross-Site Scripting (XSS) Vulnerability

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

CVE-2025-45616 – Brcc Authentication Bypass Vulnerability

Apple Intelligence page no longer reads “Available Now” — I wonder if Apple has lost faith in its AI strategy after so many delays?

Distribution Release: Network Security Toolkit 42-14476

CVE-2025-44176 – Tenda FH451 Unauthenticated Remote Code Execution Vulnerability

CVE-2025-5597 – Airleader MASTER Authentication Bypass

Best Chest Doctor Near Me | Parthiv Lung Care

Evaluating social and ethical risks from generative AI

Last Week in AI #307 – GPT 4.1, o3, o4-mini, Gemini 2.5 Flash, Veo 2

CVE-2025-49149 – Dify Cross-Site Scripting (XSS) Vulnerability

Related Posts