Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-42335 | 1 Fl3xx | 2 Crew, Dispatch | 2024-11-21 | N/A | 8.8 HIGH |
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. | |||||
CVE-2023-42334 | 1 Fl3xx | 2 Crew, Dispatch | 2024-11-21 | N/A | 6.5 MEDIUM |
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. |