CVE-2023-46596

Improper input validation in FireFlow’s VisualFlow workflow editor

Description

Improper input validation in the Algosec FireFlow VisualFlow workflow editor, via the Name, Description and Configuration File fields, in versions A32.20, A32.50 and A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in versions A32.20 (b600 and above), A32.50 (b430 and above) and A32.60 (b250 and above).

Remediation

Solution:

  • Upgrade ASMS suite to A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above): https://portal.algosec.com/en/downloads/hotfix_releases

CVSS 3.1 score: 5.1 (Severity: Medium)
EPSS: 0.04%
Vendor Advisory: algosec.com
Affected: Algosec Algosec FireFlow

Frequently Asked Questions

What is the severity of CVE-2023-46596?
CVE-2023-46596 has been scored as a medium severity vulnerability.

How to fix CVE-2023-46596?
To fix CVE-2023-46596: Upgrade ASMS suite to A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above): https://portal.algosec.com/en/downloads/hotfix_releases

Is CVE-2023-46596 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-46596 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

What software or system is affected by CVE-2023-46596?
CVE-2023-46596 affects Algosec Algosec FireFlow.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.