CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/redhotchilihacker1/CVE-Hunting/blob/master/CVE-2024-50983/README.md	Third Party Advisory
https://github.com/swampopus/flightpath/blob/e713acf9f125af22cc68c2f5664c2869cd73616b/flightpath/CHANGELOG.txt#L4	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:getflightpath:flightpath:7.5:*:*:*:*:*:*:*

History

07 Jul 2025, 16:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:getflightpath:flightpath:7.5:::::::*
First Time		Getflightpath Getflightpath flightpath
References	~~() https://github.com/redhotchilihacker1/CVE-Hunting/blob/master/CVE-2024-50983/README.md -~~	() https://github.com/redhotchilihacker1/CVE-Hunting/blob/master/CVE-2024-50983/README.md - Third Party Advisory
References	~~() https://github.com/swampopus/flightpath/blob/e713acf9f125af22cc68c2f5664c2869cd73616b/flightpath/CHANGELOG.txt#L4 -~~	() https://github.com/swampopus/flightpath/blob/e713acf9f125af22cc68c2f5664c2869cd73616b/flightpath/CHANGELOG.txt#L4 - Release Notes

Information

Published : 2024-11-15 22:15

Updated : 2025-07-07 16:12

NVD link : CVE-2024-50983

Mitre link : CVE-2024-50983

CVE.ORG link : CVE-2024-50983

JSON object : View

Products Affected

getflightpath

flightpath

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10