CVE-2025-28243HIGH 8.0EPSS p23.3%

CVE-2025-28243CVE-2025-28243

Description

An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS0.32% probability of exploitation · percentile 23.3% · 2026-06-19T12:03:05Z
Published2025-07-10
Last modified2025-07-17

Underlying weaknesses· 1

CWE-79

References

  1. https://alteryx.com
  2. https://gist.github.com/DylanGrl/fbe4cc8eaf2b95147069c82b39be59b0

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-790%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-28244
CVE
Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVE
CVE-2025-63291
CVE
CVE-2025-10244
CVE
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
CVE
XWiki Platform Eval Injection Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.