Description
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
- Attack Vector
- adjacent network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- changed
- Confidentiality
- low
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-79CWE-79
Metadata
- Primary Vendor
- ALGOSEC
- Published
- 10/25/2022
- Last Modified
- 5/7/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
algosec : fireflowalgosec : fireflowalgosec : fireflow
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.