CVE-2023-46596

Опубликовано: 15 фев. 2024

Источник: nvd

CVSS3: 5.1

CVSS3: 6.1

EPSS Низкий

Описание

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Ссылки

https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm
Vendor Advisory
https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:*

cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:*

cpe:2.3:a:algosec:fireflow:a32.60:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

5.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qxwj-fm5r-rhx8

CVSS3: 5.1

github

почти 2 года назад

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the code of application. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

EPSS

Процентиль: 17%

0.00055

Низкий

5.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79