← Back

Fl3xx

fl3xx

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Crew
crew
2 CVEs
Dispatch
dispatch
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-42335
1Fl3xx
2Crew
Dispatch
Nov 21, 2024
Sep 20, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
CVE-2023-42334
1Fl3xx
2Crew
Dispatch
Nov 21, 2024
Sep 20, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.