4 matches found
CVE-2013-5092
CVE-2013-5092 is a reported XSS vulnerability in the file afa/php/Login.php of AlgoSec Firewall Analyzer 6.1-b86. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter. The NVD entry lists a Medium base score (CVSS 2.0: 4.3) with network att...
CVE-2013-7318
AlgoSec Firewall Analyzer 6.4 has an XSS vulnerability in the BusinessFlow/login path, exploitable via the message parameter to inject arbitrary script/HTML. The root cause is an XSS condition in the login flow; remote attackers could induce script execution in a victim’s browser. The provided do...
CVE-2025-12382
AlgoSec Firewall Analyzer (Linux, 64‑bit) is affected by a Path Traversal leading to code injection due to an improper limitation of a pathname. Root cause: improper restriction of pathnames to restricted directories. Affected versions: A33.0 up to build 320; A33.10 up to build 210. Impact: an au...
CVE-2025-12381
AlgoSec Firewall Analyzer (Linux, 64‑bit) is affected by CVE-2025-12381 due to improper privilege management in a sudoers‑authorized command. A local user with CLI access can escalate privileges by abusing parameters of that approved command, enabling privilege escalation and parameter injection....