CVE-2021-37212
The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific URL parameters to access and modify particular bulletin content...
Cross site scripting
The bulletin function of Flygo does not filter special characters when a new announcement is added. Remote attackers can use the vulnerability with a general user's credential to inject JavaScript and execute stored XSS attacks...
CVE-2021-37211
The CVE-2021-37211 entry concerns Flygo's bulletin/announcements feature that fails to filter special characters when adding a new announcement, enabling a stored XSS via input submitted with a general user credential. Attackers could inject JavaScript through the announcements field, leading to ...