CVE-2023-46596
- EPSS 0.06%
- Published 15.02.2024 06:15:45
- Last modified 23.01.2025 17:43:12
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts int...
CVE-2023-46595
- EPSS 0.04%
- Published 02.11.2023 08:15:08
- Last modified 21.11.2024 08:28:51
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
CVE-2022-36783
- EPSS 0.07%
- Published 25.10.2022 17:15:55
- Last modified 07.05.2025 20:15:21
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to ano...
CVE-2014-4164
- EPSS 0.23%
- Published 16.06.2014 18:55:09
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.