XSS in Langgenius Dify

CVE-2025-49149

Dify is an open-source LLM app development platform. In version 1.2.0, the web application does not sufficiently filter user input, so attackers can inject malicious script code into web pages. This may re…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (41.7th percentile)
