CVE-2025-3467

Name of the Vulnerable Software and Affected Versions: langgenius/dify versions prior to 1.1.3

Description: An XSS vulnerability exists, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker.

Recommendations: Update to version 1.1.3 or later.