CVE-2023-46596 MEDIUM

CVE-2023-46596: Improper input validation in FireFlow’s VisualFlow workflow editor

Vendor Algosec
Product Algosec FireFlow
Weakness CWE-79 · XSS
Published February 15, 2024
Last update August 2, 2024

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Improper input validation in the Algosec FireFlow VisualFlow workflow editor, via the Name, Description and Configuration File fields, in versions A32.20, A32.50 and A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in versions A32.20 (b600 and above), A32.50 (b430 and above) and A32.60 (b250 and above).

Key dates

02 Disclosure timeline

February 15, 2024 CVE published
August 2, 2024 Record updated