Vulnerability Details CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.9%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-50983
-
cpe:2.3:a:getflightpath:flightpath:7.5