CVE-2024-50983

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-50983

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50983.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-50983

Published

2024-11-15T22:15:15.907Z

Modified

2026-04-10T05:19:12.386091Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.

References

Affected packages

Git / github.com/flightpathacademics/flightpath

Affected ranges

Type

GIT

Repo

https://github.com/flightpathacademics/flightpath

Events

Introduced

Last affected

12e09fcbe694efae6f85164858115c749a2d8e47

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.5"
        }
    ]
}

Affected versions

6.*

6.2

6.x-6.18

Other

after_backup_11_17_2013

dev-release-2015-12-25

dev-release-2016-01-11

flightpath-3.*

flightpath-3.1.1

flightpath-3.1.1-alpha

flightpath-4.*

flightpath-4.0

flightpath-4.0-beta1

flightpath-4.0-rc1

flightpath-4.0-rc2

flightpath-4.0-rc3

flightpath-4.0-rc3.1

flightpath-4.0-rc4

flightpath-4.0-rc5

flightpath-4.0-rc5.1

flightpath-4.0.1

flightpath-4.1

flightpath-4.2

flightpath-4.2.1

flightpath-4.2.2

flightpath-4.2.3

flightpath-4.2.3.1

flightpath-4.3

flightpath-4.3.1

flightpath-4.3.1.1

flightpath-4.3.2

flightpath-4.3.3

flightpath-4.3.4

flightpath-4.4

flightpath-4.4.1

flightpath-4.4.2

flightpath-4.4.3

flightpath-4.4.4

flightpath-4.4.4.1

flightpath-4.4.5

flightpath-4.4.6

flightpath-4.5

flightpath-4.5.1

flightpath-4.6

flightpath-4.6.1

flightpath-4.7

flightpath-4.7.1

flightpath-4.7.2

flightpath-4.7.2.1

flightpath-4.7_2

flightpath-4.8

flightpath-4.8.1

flightpath-4.8.2

flightpath-4.x-dev-1

flightpath-4.x-dev-10

flightpath-4.x-dev-2

flightpath-4.x-dev-3

flightpath-4.x-dev-4

flightpath-4.x-dev-5

flightpath-4.x-dev-6

flightpath-4.x-dev-7

flightpath-4.x-dev-8

flightpath-4.x-dev-9

flightpath-5.*

flightpath-5.x-dev-1

flightpath-5.x-dev-2

flightpath-5.x-dev-3

v6.*

v6.1.1

v6.10

v6.11

v6.11.1

v6.12

v6.12.1

v6.14

v6.14.1

v6.15

v6.15.1

v6.16

v6.16.0

v6.17

v6.18

v6.2.1

v6.3

v6.4

v6.4.1

v6.5

v6.6

v6.7

v6.7.1

v6.7.2

v6.8

v6.9

v6.9.1

v7.*

v7.0-dev

v7.0-rc1

v7.1

v7.2

v7.3

v7.4

v7.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50983.json"