CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt