CVE-2025-51462

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-51462
Type cve
Published 2025-07-22T21:15:44
Last Seen 2025-07-22T21:26:04
Modified 2025-07-22T21:15:44

CVSS Information

Base Score 6.1 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Analysis

AI Description A stored XSS vulnerability in RAGFlow 0.17.2 allows attackers to inject JavaScript via the assistant greeting field. This could lead to unauthorized actions on behalf of users. The vulnerability is moderately severe and affects version 0.17.2.
AI Severity Medium
AI Vendor RAGFlow Community
AI Product RAGFlow
AI Version 0.17.2

Additional Information

CVE List CVE-2025-51462
CWE List CWE-79
Bulletin Family cve

Description

Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised…

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.