32 matches found
FlightPath - Local File Inclusion
FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion. id: CVE-2019-13396 info: name: FlightPath - Local File Inclusion author: 0xAkoko,daffainfo severity: medium description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion...
VulnCheck KEV: CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...
EUVD-2019-6239
Malware in sbrugna...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...
CVE-2019-15227
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...
VulnCheck KEV: CVE-2024-50603
Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
CVE-2024-50983
CVE-2024-50983 affects FlightPath 7.5 with a Cross Site Scripting (XSS) vulnerability. The issue allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in a user’s browser by submitting a malicious payload in the Last Name field of the Create/Edit Faculty/...
PT-2024-34484 · Unknown · Flightpath
Name of the Vulnerable Software and Affected Versions: FlightPath version 7.5 Description: The issue allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the Last Name...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
FlightPath 安全漏洞
FlightPath is an open source academic advising system for universities from FlightPath, Inc. A security vulnerability exists in FlightPath version 7.5. An attacker can exploit this vulnerability to inject arbitrary JavaScript into a user's web browser...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
FlightPath LMS 5.0-rc2 Cross Site Scripting
==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vend...
FlightPath LMS 5.0-rc2 Insecure Direct Object Reference
==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
FlightPath LMS 4.8.2 Cross Site Scripting
==================================================================================================================================== | Title : FlightPath LMS v4.8.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vendor...
FlightPath LMS 4.8.2 Insecure Direct Object Reference
==================================================================================================================================== | Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
CVE-2019-15227
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...
CVE-2019-15227
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...