CVE-2023-46595 MEDIUM

CVE-2023-46595: Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor

Vendor: Algosec
Product: Algosec FireFlow
Weakness: CWE-79 (XSS)
Published: November 2, 2023
Last update: November 12, 2025

CVSS base score

5.9/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

A Net-NTLM leak via HTML injection in the FireFlow VisualFlow workflow editor allows an attacker to obtain a victim’s domain credentials and Net-NTLM hash, which can lead to relay domain attacks. Fixed in A32.20 (b570 or above) and A32.50 (b390 or above).

Key dates

02 Disclosure timeline

November 2, 2023: CVE published
November 12, 2025: Record updated