CVE-2019-15227 Information

Description

FlightPath 4.8.3 has XSS in the Content Edit urgent message and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.sevenlayers.com/index.php/236-flightpath-4-8-3-xss

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1