HIGH🇬🇧 English

CVE-2025-28244

CVSS 8.8v3.1pub. 2025-07-10upd. 2025-07-17

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Alteryx Server

    APP
    Alteryx
    2023.1.1.460
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-28243HIGH8.0ten sam produkt

An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.

CVE-2025-63291MEDIUM5.4ten sam produkt

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely...

CVE-2025-28245MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbi...

CVE-2023-26961MEDIUM4.8ten sam produkt

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability al...