Vulnerabilities (CVE)

Filtered by vendor Algosec Subscribe

Filtered by product Fireflow

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-46595	1 Algosec	1 Fireflow	2023-11-28	N/A	6.1 MEDIUM
Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts FireFlow's VisualFlow workflow editor outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above), A32.50 (b400 and above), A32.60 (b220 and above)
CVE-2014-4164	1 Algosec	1 Fireflow	2015-12-04	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.