Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor
Vulnerability Description
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
AlgoSec FireFlow 跨站脚本漏洞
Vulnerability Description
AlgoSec FireFlow是美国AlgoSec公司的一个安全应用程序。用于自动执行安全策略更改生命周期,从提交更改请求到审核所做更改。 AlgoSec Fireflow A32.20版本和A32.50版本存在跨站脚本漏洞,该漏洞源于允许攻击者获取受害者的域凭据和哈希,可能导致中继域攻击。
CVSS Information
N/A
Vulnerability Type
N/A