#Flowise

Cross-Site Scripting Vulnerability in Flowise Before 3.0.8

A cross-site scripting (XSS) vulnerability exists in Flowise before version 3.0.8, caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript, enabling theft of cookies and session data. Users of Flowise should update to version 3.0.8 or later.