nvd-json-data-feeds/CVE-2023/CVE-2023-465xx/CVE-2023-46596.json

{
  "id": "CVE-2023-46596",
  "sourceIdentifier": "security.vulnerabilities@algosec.com",
  "published": "2024-02-15T06:15:45.453",
  "lastModified": "2024-02-15T07:15:07.370",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in\u00a0version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version\u00a0A32.20 (b600 and\nabove),\u00a0A32.50 (b430 and\nabove),\u00a0A32.60 (b250 and\nabove)"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security.vulnerabilities@algosec.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.4,
        "impactScore": 4.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security.vulnerabilities@algosec.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cwe.mitre.org/data/definitions/79.html",
      "source": "security.vulnerabilities@algosec.com"
    }
  ]
}
Auto-Update: 2024-02-15T07:00:26.520976+00:00 2024-02-15 07:00:30 +00:00			`{`
			`"id": "CVE-2023-46596",`
			`"sourceIdentifier": "security.vulnerabilities@algosec.com",`
			`"published": "2024-02-15T06:15:45.453",`
Auto-Update: 2024-02-15T09:01:12.503487+00:00 2024-02-15 09:01:16 +00:00			`"lastModified": "2024-02-15T07:15:07.370",`
Auto-Update: 2024-02-15T07:00:26.520976+00:00 2024-02-15 07:00:30 +00:00			`"vulnStatus": "Awaiting Analysis",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
Auto-Update: 2024-02-15T09:01:12.503487+00:00 2024-02-15 09:01:16 +00:00			`"value": "Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in\u00a0version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version\u00a0A32.20 (b600 and\nabove),\u00a0A32.50 (b430 and\nabove),\u00a0A32.60 (b250 and\nabove)"`
Auto-Update: 2024-02-15T07:00:26.520976+00:00 2024-02-15 07:00:30 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security.vulnerabilities@algosec.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 5.1,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 0.4,`
			`"impactScore": 4.7`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security.vulnerabilities@algosec.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://cwe.mitre.org/data/definitions/79.html",`
			`"source": "security.vulnerabilities@algosec.com"`
			`}`
			`]`
			`}`