4 matches found
CVE-2023-46595
The CVE-2023-46595 entry is supported by concrete technical details in connected sources describing an HTML injection vulnerability in the AlgoSec FireFlow VisualFlow editor. Affected software: FireFlow VisualFlow prior to A32.20 (b570) and prior to A32.50 (b390) (as well as prior to A32.60 (b220) pe...
CVE-2022-36783
CVE-2022-36783 affects AlgoSec FireFlow with a Reflected Cross-Site-Scripting (RXSS) vector. A malicious user can inject JavaScript into the IntersectudRule parameter on the search/result.html page by changing the request method from POST to GET and sharing the URL with a victim. This results in ...
CVE-2023-46596
CVE-2023-46596 affects the AlgoSec FireFlow VisualFlow workflow editor, specifically versions A32.20, A32.50, and A32.60. The root cause is improper input validation in the Name, Description, and Configuration File fields, enabling an attacker to inject malicious scripts (XSS) into the application co...
CVE-2014-4164
CVE-2014-4164: Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230. The issue allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. The provided documents do not specify exploit details beyond the basic vulnerability desc...