{"cve":{"cve_id":"CVE-2022-36783","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00354,"epss_percentile":0.27181,"epss_as_of":"2026-06-23","description":"AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.","published_at":"2022-10-25T00:50:05.722000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-79"],"nvd_references":["https://www.gov.il/en/Departments/faq/cve_advisories"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:10:52.263119Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"algosec","vendor_name":"AlgoSec","product_slug":"fireflow-a32.0","product_name":"FireFlow A32.0","version_start":"A32.0.580-277","version_start_inclusive":true,"version_end":"A32.0.580-277*","version_end_inclusive":false,"cpe23_uri":"cve5:algosec:fireflow-a32.0:A32.0.580-277:A32.0.580-277*"},{"vendor_slug":"algosec","vendor_name":"AlgoSec","product_slug":"fireflow-a32.10","product_name":"FireFlow A32.10","version_start":"A32.10.410-212","version_start_inclusive":true,"version_end":"A32.10.410-212*","version_end_inclusive":false,"cpe23_uri":"cve5:algosec:fireflow-a32.10:A32.10.410-212:A32.10.410-212*"},{"vendor_slug":"algosec","vendor_name":"AlgoSec","product_slug":"fireflow-a32.20","product_name":"FireFlow A32.20","version_start":"A32.20.230-35","version_start_inclusive":true,"version_end":"A32.20.230-35*","version_end_inclusive":false,"cpe23_uri":"cve5:algosec:fireflow-a32.20:A32.20.230-35:A32.20.230-35*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2022-10-25T00:50:05.722000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:23:18.524966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:23:18.524966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:23:18.524966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:10:52.263119Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:10:52.263119Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:10:52.263119Z","label":"SSVC decision revised","source":"vulnrichment"}]}