← back
CVE-2022-36783

AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)

CVSS 6.5 MEDIUMEPSS 0.4%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L