AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)
CVE-2022-36783

5.4MEDIUM

Key Information:

Vendor: Algosec
Status: Fireflow A32.0; Fireflow A32.10; Fireflow A32.20
Vendor: CVE Published:; 25 October 2022

What is CVE-2022-36783?

AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FireFlow A32.0 A32.0.580-277

FireFlow A32.10 A32.10.410-212

FireFlow A32.20 A32.20.230-35

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Jul 26, 2022

Credit

Dean Aviani - Hacktics EY

JSON

Algosec