Every CVE whose affected-product data names Algosec Fireflow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-36783 — CVSS 6.5 (medium): AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule…
CVE-2023-46595 — CVSS 5.9 (medium): Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and…
CVE-2023-46596 — CVSS 5.1 (medium): Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version…
CVE-2014-4164 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a…