Mia0A-Hi

#10713of 53,638
25.7Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2025-25765
6.1
2025-06-17
Dify · Dify · CVE-2025-49149
**Name of the Vulnerable Software and Affected Versions** Dify version 1.2.0 **Description** Dify is an open-source LLM app development platform. In this platform, there is insufficient filtering of user input by web applications, which allows attackers to inject malicious script code into web pages. This can result in a cross-site scripting (XSS) attack when a user browses these web pages. **Recommendations** For version 1.2.0, as a temporary workaround, consider implementing additional input validation and sanitization to prevent malicious script injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-30661
6.3
2024-09-02
Halo · Halo · CVE-2024-43792
**Name of the Vulnerable Software and Affected Versions** Halo versions prior to 2.17.0 **Description** A security issue has been identified in the Halo project, allowing an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. **Recommendations** For versions prior to 2.17.0, upgrade to version 2.17.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML and JavaScript code in the affected Halo project until a patch is available.
PT-2024-27345
6.1
2024-06-11
Unknown · Metersphere · CVE-2024-37161
**Name of the Vulnerable Software and Affected Versions** MeterSphere versions prior to 1.10.1-lts **Description** The system's step editor in MeterSphere stores cross-site scripting vulnerabilities. **Recommendations** For versions prior to 1.10.1-lts, update to version 1.10.1-lts to resolve the issue.
PT-2023-20319
7.2
2023-02-28
Dataease · Dataease · CVE-2023-25807
**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.3 **Description** The issue concerns the DataEase platform, an open source data visualization and analysis tool. When saving a dashboard, an attacker can modify the saved data to store malicious code. This can lead to the execution of malicious code on the server side when a user accesses the dashboard. **Recommendations** For versions prior to 1.18.3, update to version 1.18.3 to resolve the issue. As a temporary workaround, consider restricting access to dashboards to minimize the risk of exploitation. Avoid using the platform's dashboard saving feature until the issue is resolved.