Vulnerabilities (CVE)

Filtered by vendor Fl3xx Subscribe
Filtered by product Crew
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-42335 1 Fl3xx 2 Crew, Dispatch 2024-11-21 N/A 8.8 HIGH
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
CVE-2023-42334 1 Fl3xx 2 Crew, Dispatch 2024-11-21 N/A 6.5 MEDIUM
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.