Vulnerabilities > Fortra > Filecatalyst Direct

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-03-13 | CVE-2024-25154 | Path Traversal vulnerability in Fortra Filecatalyst Direct | Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. | network | low complexity | fortra CWE-22 | 5.3 |
| 2024-03-13 | CVE-2024-25155 | Cross-site Scripting vulnerability in Fortra Filecatalyst Direct | In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. | network | low complexity | fortra CWE-79 | 6.1 |