CVE-2023-46596

Published: Feb 15, 2024Modified: Jan 23, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Affected (3)

Products: Algosec: Fireflow

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Algosec Fireflow	Version a32.20
Algosec Fireflow	Version a32.50
Algosec Fireflow	Version a32.60

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm

Source: security.vulnerabilities@algosec.com

Vendor Advisory

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.