CVSS 6.1 (Medium) | CVE-2025-51462

CVE-2025-51462: Ragflow XSS in Dialog Configuration

Stored cross-site scripting vulnerability in Ragflow's dialog configuration functionality allowing malicious HTML/JavaScript execution.

Gecko Security Research
Gecko Security Team
1/15/2025

Description

A stored cross-site scripting (XSS) vulnerability was found in the dialog configuration functionality. The application fails to sanitize user input in the prompt_config fields, particularly in the "Opening greeting" section under "Assistant Setting". When this unsanitized content is later rendered by a markdown component that uses the rehype-raw plugin, the stored HTML and JavaScript execute in victims' browsers.

Source-Sink Analysis

The vulnerability exists in the following function call chain:

  1. Source: set_dialog() in ragflow-0.17.2/api/apps/dialog_app.py
     • Accepts the user-provided prompt_config parameter without sanitization:
       prompt_config = req.get("prompt_config", default_prompt)
  2. Intermediate: DialogService.save() in ragflow-0.17.2/api/db/services/common_service.py
     • Stores the unsanitized user input directly in the database:
       sample_obj = cls.model(**kwargs).save(force_insert=True)
  3. Intermediate: get_json_result() in ragflow-0.17.2/api/utils/api_utils.py
     • Returns the unsanitized data in the JSON response:
       response = {"code": code, "message": message, "data": data}
  4. Sink: HightLightMarkdown component in ragflow-0.17.2/web/src/components/highlight-markdown/index.tsx
     • Renders the unsanitized content with the rehype-raw plugin, allowing JavaScript execution:
       rehypePlugins={[rehypeRaw, rehypeKatex]}
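One way to close the source end of this chain, added here as an example that is not RAGFlow's code and not the upstream fix: an allowlist HTML sanitizer that set_dialog() could apply to every string in prompt_config (including prompt_config.prologue) before DialogService.save() stores it. The function names, allowlists and URL-scheme check are this example's assumptions; only the Python standard library is used.

```python
"""Added example (not RAGFlow code): allowlist sanitizer for prompt_config strings
such as prompt_config["prologue"] before set_dialog() hands them to storage.
Names, allowlists and the check itself are this example's assumptions."""
from html import escape
from html.parser import HTMLParser

# Markup a greeting legitimately needs; any other tag is re-emitted as literal text.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}  # drops srcdoc, style and on* handlers everywhere
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # <iframe srcdoc=...>, <script>, <img onerror=...> become visible text, not DOM
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue
            # attrs arrive entity-decoded, so this also catches &#106;avascript: tricks
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> needs no closing tag

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in ALLOWED_TAGS else escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize_html(text: str) -> str:
    parser = _Sanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

def sanitize_prompt_config(prompt_config: dict) -> dict:
    """Copy of the request's prompt_config with every string field sanitized."""
    return {k: sanitize_html(v) if isinstance(v, str) else v
            for k, v in prompt_config.items()}
```

Filtering at the source is defense in depth only: the rendering sink still needs to stop passing raw HTML through unsanitized, since stored data can reach the markdown component from other paths.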

Proof of Concept

  1. Log into the RAGFlow application
  2. Navigate to the Chat section and click the "Create an Assistant" button
  3. Locate the "Opening greeting" field (prompt_config.prologue) and enter the following payload:
     <iframe srcdoc="<script>alert('XSS Vulnerability in RAGFlow')</script>"></iframe>
  4. Start a new conversation and observe that a JavaScript alert popup appears with the text "XSS Vulnerability in RAGFlow"

Impact

Attackers can:

  • Execute arbitrary JavaScript in the context of other users' browsers
  • Steal authentication tokens, session cookies, and other sensitive information
  • Perform unauthorized actions on behalf of the victim
  • Access sensitive data including knowledge base content

Fix

  • https://github.com/infiniflow/ragflow/pull/7669