Skip to main content

Flightpath

3 CVEs product

Monthly

CVE-2024-50983 MEDIUM This Month

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flightpath
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-15227 MEDIUM POC This Month

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flightpath
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13396 MEDIUM POC THREAT This Month

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Flightpath
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
62.6%
EPSS 0% CVSS 5.4
MEDIUM This Month

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flightpath
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flightpath
NVD
EPSS 63% CVSS 5.3
MEDIUM POC THREAT This Month

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Flightpath
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy