CVE-2023-46596

Improper input validation in FireFlow’s VisualFlow workflow editor

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Feb 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

Affected products

Algosec · Algosec FireFlow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm