PT-2024-13363 · Algosec · Algosec Fireflow
Michał Bogdanowicz +1 · Published 2024-02-14 · Updated 2024-02-15
CVE-2023-46596
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Algosec FireFlow versions A32.20 through A32.60
Description
The issue is related to improper input validation in the VisualFlow workflow editor via the Name, Description, and Configuration File fields. This allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code.
Recommendations
For version A32.20, update to b600 or above.
For version A32.50, update to b430 or above.
For version A32.60, update to b250 or above.
Fix
XSS
Affected Products
Algosec Fireflow