Alteryx Server

4 CVEs product

Monthly

CVE-2025-63291 MEDIUM POC This Month

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

Authentication Bypass Alteryx Server
NVD
CVSS 3.1: 5.4
EPSS: 0.0%
CVE-2025-28245 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.

XSS Alteryx Server
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.0%
CVE-2025-28244 HIGH POC This Week

A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.

Information Disclosure Alteryx Server
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.2%
CVE-2025-28243 HIGH POC This Week

CVE-2025-28243 is a Stored/Reflected HTML Injection vulnerability in Alteryx Server 2023.1.1.460 affecting the pages component, enabling unauthenticated attackers to inject malicious scripts that execute in victims' browsers with user interaction. This vulnerability carries a CVSS 8.0 score with high confidentiality and integrity impact; while no KEV or confirmed EPSS data is provided in the source material, the network-accessible attack vector and relatively high CVSS indicate moderate-to-significant real-world risk depending on deployment scope and user exposure.

Code Injection Alteryx Server
NVD GitHub
CVSS 3.1: 8.0
EPSS: 0.1%