CVE-2025-58747 | langgenius dify up to 1.9.1 MCP OAuth authorization_url cross site scripting

A vulnerability classified as problematic was found in langgenius dify up to 1.9.1. This affects an unknown function of the component MCP OAuth. Executing manipulation of the argument authorization_url can lead to cross site scripting.

This vulnerability is registered as CVE-2025-58747. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More