exploitDog

GHSA-qxwj-fm5r-rhx8

Опубликовано: 15 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.1

Описание

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the code of application. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the code of application. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Ссылки

EPSS

Процентиль: 17%

0.00055

Низкий

5.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-46596

CVSS3: 5.1

nvd

почти 2 года назад

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

EPSS

Процентиль: 17%

0.00055

Низкий

5.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79