VYPR
Vendor

FlightPath

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2019-13396MedJul 10, 2019
    risk 0.42cvss 5.3epss 0.63

    FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.

  • CVE-2019-15227MedAug 20, 2019
    risk 0.40cvss 6.1epss 0.01

    FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.

  • CVE-2024-50983MedNov 15, 2024
    risk 0.35cvss 5.4epss 0.00

    FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit…