CVE-2025-28245

Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.
Configurations

Configuration 1 (hide)

cpe:2.3:a:alteryx:alteryx_server:2023.1.1.460:*:*:*:*:*:*:*

History

17 Jul 2025, 00:58

Type Values Removed Values Added
CPE cpe:2.3:a:alteryx:alteryx_server:2023.1.1.460:*:*:*:*:*:*:*
References () https://alteryx.com - () https://alteryx.com - Product
References () https://gist.github.com/DylanGrl/5e0ac3924f4d939e9c1ebb8632f2851b - () https://gist.github.com/DylanGrl/5e0ac3924f4d939e9c1ebb8632f2851b - Exploit, Third Party Advisory
First Time Alteryx alteryx Server
Alteryx

15 Jul 2025, 13:24

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-10 19:15

Updated : 2025-07-17 00:58


NVD link : CVE-2025-28245

Mitre link : CVE-2025-28245

CVE.ORG link : CVE-2025-28245


JSON object : View

Products Affected

alteryx

  • alteryx_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')