Vulnerability Description
FlightPath 7.5 contains a Cross-Site Scripting (XSS) vulnerability that allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript into a user's web browser by including a malicious payload in the Last Name section of the Create/Edit Faculty/Staff User or Create/Edit Student User sections.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getflightpath | Flightpath | 7.5 |
Related Weaknesses (CWE)
References
- https://github.com/redhotchilihacker1/CVE-Hunting/blob/master/CVE-2024-50983/REA... (Third Party Advisory)
- https://github.com/swampopus/flightpath/blob/e713acf9f125af22cc68c2f5664c2869cd7... (Release Notes)
FAQ
What is CVE-2024-50983?
CVE-2024-50983 is a vulnerability with a CVSS score of 5.4 (MEDIUM). FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user b...
How severe is CVE-2024-50983?
CVE-2024-50983 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-50983?
Check the references section above for vendor advisories and patch information. Affected products include: Getflightpath Flightpath.