Alteryx Alteryx_server
5 CVEs affecting Alteryx Alteryx_server. Latest disclosed: 2025-11-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-28244 | High | 8.8 | 2025-07-10 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localSt… |
CVE-2025-28243 | High | 8.0 | 2025-07-10 | An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component. |
CVE-2025-28245 | Medium | 6.1 | 2025-07-10 | Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification bod… |
CVE-2025-63291 | Medium | 5.4 | 2025-11-14 | When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller… |
CVE-2023-26961 | Medium | 4.8 | 2023-08-08 | Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., J… |