CVE-2025-49149
Published: Jun 17, 2025
Modified: Jun 18, 2025
PUBLISHED
Description
Dify is an open-source LLM app development platform. In version 1.2.0, the web application does not sufficiently filter user input before rendering it, so an attacker can inject script code into web pages. When a user views those pages, the injected script executes in their browser, resulting in a cross-site scripting (XSS) attack. At time of posting, there is no known patched version.
| Vendor | Product | Versions |
|---|---|---|
| langgenius | dify | affected = 1.2.0 |
Weaknesses (CWE)
References
https://github.com/langgenius/dify/security/advisories/GHSA-grmh-ww4v-5cgj
x_refsource_CONFIRM