CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...

6.1CVSS5AI score0.00055EPSS

Exploits0References1

OSV•added 2024/02/15 6:15 a.m.•2 views

CVE-2023-46596

6.1CVSS5.8AI score0.00055EPSS

Exploits0References1

Prion•added 2024/02/15 6:15 a.m.•11 views

Input validation

3.7CVSS6.2AI score0.00055EPSS

Exploits0References1

CVE•added 2024/02/15 6:7 a.m.•32 views

CVE-2023-46596

The CVE-2023-46596 affects AlgoSec FireFlow VisualFlow workflow editor, specifically versions A32.20, A32.50, and A32.60. The root cause is improper input validation in fields Name, Description, and Configuration File, enabling an attacker to inject malicious scripts (XSS) into the application co...

6.1CVSS5AI score0.00055EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/02/14 12:0 a.m.•4 views

PT-2024-13363 · Algosec · Algosec Fireflow

Name of the Vulnerable Software and Affected Versions: Algosec FireFlow versions A32.20 through A32.60 Description: The issue is related to improper input validation in the VisualFlow workflow editor via the Name, Description, and Configuration File fields. This allows an attacker to initiate an...

6.1CVSS4.9AI score0.00055EPSS

Exploits0References4

CNNVD•added 2023/11/02 12:0 a.m.•1 views

AlgoSec FireFlow Cross-Site Scripting Vulnerability

AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A cross-site scripting vulnerability exists in AlgoSec Fireflow versions A32.20 and A32.50, which stems fr...

5.9CVSS6.4AI score0.00023EPSS

Exploits0References3

OSV•added 2022/10/25 5:15 p.m.•0 views

CVE-2022-36783

AlgoSec – FireFlow Reflected Cross-Site-Scripting RXSS A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user victim. JavaScript code is executed on...

5.4CVSS5.9AI score0.00177EPSS

Exploits0References1

CNNVD•added 2022/10/25 12:0 a.m.•2 views

AlgoSec FireFlow 跨站脚本漏洞

AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A security vulnerability exists in AlgoSec FireFlow, which stems from a Reflective Cross-Site Scripting...

6.5CVSS5.9AI score0.00177EPSS

Exploits0References3

NVD•added 2014/06/16 6:55 p.m.•9 views

CVE-2014-4164

Cross-site scripting XSS vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html...

4.3CVSS5.6AI score0.00318EPSS

Exploits1References1

Prion•added 2014/06/16 6:55 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html...

4.3CVSS6.1AI score0.00318EPSS

Exploits1References1Affected Software1

CVE•added 2014/06/16 6:0 p.m.•37 views

CVE-2014-4164

CVE-2014-4164 : Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230. The issue allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. The provided documents do not specify exploit details beyond the basic vulnerability desc...

4.3CVSS5.8AI score0.00318EPSS

Exploits1References1Affected Software1

Cvelist•added 2014/06/16 6:0 p.m.•18 views

CVE-2014-4164

Cross-site scripting XSS vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html...

5.6AI score0.00318EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by