CVE-2022-36783

Name of the Vulnerable Software and Affected Versions AlgoSec FireFlow (affected versions not specified)

Description The issue involves a Reflected Cross-Site-Scripting (RXSS) attack. A malicious user can inject JavaScript code into the IntersectudRule parameter on the "search/result.html" page. By changing the request method from POST to GET and sharing the URL with another user, the malicious JavaScript code is executed on the victim's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.