Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
algosec vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an malicious user to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
Algosec Fireflow A32.20
Algosec Fireflow A32.50
Algosec Fireflow A32.60
NA
CVE-2022-36783
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). Java...
Algosec Fireflow
4.3
CVSSv2
CVE-2014-4164
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote malicious users to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.
Algosec Fireflow 6.3
4.3
CVSSv2
CVE-2013-7318
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Algosec Firewall Analyzer 6.4
4.3
CVSSv2
CVE-2013-5092
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Algosec Firewall Analyzer 6.1
1 EDB exploit
NA
CVE-2023-46596
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an malicious user to initiate an XSS attack by injecting malicious executable scripts into the application's...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started