Vulnerabilities > Algosec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-46595 | Cross-site Scripting vulnerability in Algosec Fireflow A32.20/A32.50/A32.60 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. | 5.4 |
| 2022-10-25 | CVE-2022-36783 | Cross-site Scripting vulnerability in Algosec Fireflow AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. | 5.4 |
| 2014-06-16 | CVE-2014-4164 | Cross-Site Scripting vulnerability in Algosec Fireflow 6.3 Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. | 4.3 |
| 2014-01-29 | CVE-2013-7318 | Cross-Site Scripting vulnerability in Algosec Firewall Analyzer 6.4 Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
| 2014-01-29 | CVE-2013-5092 | Cross-Site Scripting vulnerability in Algosec Firewall Analyzer 6.1 Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |