Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
algosec vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an malicious user to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
Algosec Fireflow A32.20
Algosec Fireflow A32.50
Algosec Fireflow A32.60
NA
CVE-2022-36783
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). Java...
Algosec Fireflow
383
VMScore
CVE-2014-4164
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote malicious users to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.
Algosec Fireflow 6.3
435
VMScore
CVE-2013-5092
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Algosec Firewall Analyzer 6.1
1 EDB exploit
383
VMScore
CVE-2013-7318
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Algosec Firewall Analyzer 6.4
NA
CVE-2023-46596
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an malicious user to initiate an XSS attack by injecting malicious executable scripts into the application's...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started