CVE-2025-49149

Name of the Vulnerable Software and Affected Versions Dify version 1.2.0

Description Dify is an open-source LLM app development platform. In this platform, there is insufficient filtering of user input by web applications, which allows attackers to inject malicious script code into web pages. This can result in a cross-site scripting (XSS) attack when a user browses these web pages.

Recommendations For version 1.2.0, as a temporary workaround, consider implementing additional input validation and sanitization to prevent malicious script injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.