Alteryx Server
Monthly
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.
A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.
CVE-2025-28243 is a Stored/Reflected HTML Injection vulnerability in Alteryx Server 2023.1.1.460 affecting the pages component, enabling unauthenticated attackers to inject malicious scripts that execute in victims' browsers with user interaction. This vulnerability carries a CVSS 8.0 score with high confidentiality and integrity impact; while no KEV or confirmed EPSS data is provided in the source material, the network-accessible attack vector and relatively high CVSS indicate moderate-to-significant real-world risk depending on deployment scope and user exposure.
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.
A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.
CVE-2025-28243 is a Stored/Reflected HTML Injection vulnerability in Alteryx Server 2023.1.1.460 affecting the pages component, enabling unauthenticated attackers to inject malicious scripts that execute in victims' browsers with user interaction. This vulnerability carries a CVSS 8.0 score with high confidentiality and integrity impact; while no KEV or confirmed EPSS data is provided in the source material, the network-accessible attack vector and relatively high CVSS indicate moderate-to-significant real-world risk depending on deployment scope and user exposure.