CVE-2023-46596

low-risk
Published 2024-02-15

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.1/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (3)

Fireflow
Fireflow
Fireflow

Affected Vendors

Algosec

References (2)

Vendor Advisory https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm
Vendor Advisory https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46596.htm
22
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 9/34 · Low