Veganmosfet

**Name of the Vulnerable Software and Affected Versions** Dify versions prior to 1.13.0 **Description** A cross site scripting issue exists in the web application chat frontend when using echarts. User or llm inputs containing echarts with a specific javascript payload will be executed. The application is an open-source LLM app development platform. **Recommendations** Update to version 1.13.0 or later.