Vulnerabilities > Algosec > Fireflow > a32.60
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-15 | CVE-2023-46596 | Cross-site Scripting vulnerability in Algosec Fireflow A32.20/A32.50/A32.60 Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. | 6.1 |
| 2023-11-02 | CVE-2023-46595 | Cross-site Scripting vulnerability in Algosec Fireflow A32.20/A32.50/A32.60 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. | 5.4 |