Vulmon
algosec vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows a malicious user to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above).
Algosec Fireflow A32.20
Algosec Fireflow A32.50
Algosec Fireflow A32.60
5.4
CVSSv3
CVE-2022-36783
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). Java...
Algosec Fireflow
NA
CVE-2014-4164
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote malicious users to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.
Algosec Fireflow 6.3
NA
CVE-2013-5092
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Algosec Firewall Analyzer 6.1
1 EDB exploit
NA
CVE-2013-7318
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Algosec Firewall Analyzer 6.4
NA
CVE-2023-46596
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits a malicious user to initiate an XSS attack by injecting malicious executable scripts into the application's...