Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2023-26961

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request.

Published: Aug 8, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-26961
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
alteryx / alteryx_server	2022.1.1.42590	2022.1.1.42590.x

http://alteryx.com
https://gist.github.com/DylanGrl/4269ae834c5d0ec77c9b928ad35d3be3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo