CVE-2023-46596

EPSS 0.06%
Published 15.02.2024 06:15:45
Last modified 23.01.2025 17:43:12
Source security.vulnerabilities@algos
Teams watchlist Login
Open Login

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Algosec ≫ Fireflow Versiona32.20

Algosec ≫ Fireflow Versiona32.50

Algosec ≫ Fireflow Versiona32.60

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.169

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security.vulnerabilities@algosec.com	5.1	0.4	4.7	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-46596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46596

EUVD