CVE-2022-36783 MEDIUM

CVE-2022-36783: AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)

Vendor: AlgoSec
Product: FireFlow A32.0
Published: October 25, 2022
Last update: May 7, 2025

CVSS base score

6.5/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

AlgoSec FireFlow is affected by a reflected cross-site scripting (RXSS) vulnerability. A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the resulting URL to another user (the victim). The JavaScript code then executes in the victim's browser.

Key dates

02 Disclosure timeline

October 25, 2022: CVE published
May 7, 2025: Record updated