CVE-2022-36783
6.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Summary
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AlgoSec | FireFlow A32.0 | A32.0.580-277 < A32.0.580-277* | affected |
| AlgoSec | FireFlow A32.10 | A32.10.410-212 < A32.10.410-212* | affected |
| AlgoSec | FireFlow A32.20 | A32.20.230-35 < A32.20.230-35* | affected |
Weaknesses
- Reflected Cross-Site-Scripting (RXSS)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.