Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LarvataFlygo

2 matches found

CVE
CVEadded 2021/08/09 10:15 a.m.28 views

CVE-2021-37212

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content.

5.5CVSS5.5AI score0.00108EPSS
CVE
CVEadded 2021/08/09 10:15 a.m.26 views

CVE-2021-37211

The bulletin function of Flygo does not filter special characters while a new announcement is added. Remoter attackers can use the vulnerability with general user’s credential to inject JavaScript and execute stored XSS attacks.

5.4CVSS5.3AI score0.00155EPSS