CVE-2023-46596

EPSS 0.06%
Veröffentlicht 15.02.2024 06:15:45
Zuletzt bearbeitet 23.01.2025 17:43:12
Quelle security.vulnerabilities@algos
Teams Watchlist Login
Unerledigt Login

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Algosec ≫ Fireflow Versiona32.20

Algosec ≫ Fireflow Versiona32.50

Algosec ≫ Fireflow Versiona32.60

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security.vulnerabilities@algosec.com	5.1	0.4	4.7	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-46596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46596

EUVD