{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T16:38:37.377","vulnerabilities":[{"cve":{"id":"CVE-2022-36783","sourceIdentifier":"cna@cyber.gov.il","published":"2022-10-25T17:15:55.210","lastModified":"2025-05-07T20:15:21.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user."},{"lang":"es","value":"AlgoSec - FireFlow Reflected Cross-Site-Scripting (RXSS) Un usuario malicioso inyecta código JavaScript en un parámetro llamado IntersectudRule en la página search/result.html. El usuario malicioso cambia la petición de POST a GET y envía la URL a otro usuario (víctima). El código JavaScript se ejecuta en el navegador del otro usuario"}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:algosec:fireflow:*:*:*:*:*:*:*:*","versionStartIncluding":"a32.0","versionEndExcluding":"a32.0.580-277","matchCriteriaId":"7B34C315-2667-4A01-9DEF-DE6290D35134"},{"vulnerable":true,"criteria":"cpe:2.3:a:algosec:fireflow:*:*:*:*:*:*:*:*","versionStartIncluding":"a32.10","versionEndExcluding":"a32.10.410-212","matchCriteriaId":"921BD92C-2284-435D-8228-037FE0ADFAB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:algosec:fireflow:*:*:*:*:*:*:*:*","versionStartIncluding":"a32.20","versionEndExcluding":"a32.20.230-35","matchCriteriaId":"DE55D7A3-C609-4EC5-A657-4D9F96087CA8"}]}]}],"references":[{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"cna@cyber.gov.il","tags":["Third Party Advisory"]},{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}