Exploit

CVE-2024-24571

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Jan 31, 2024 / Updated: 9mo ago

Update Wed Feb 14 10:13:54 UTC 2024

CVE Id : CVE-2024-24571 Published Date: 2024-02-07T17:25:00+00:00 facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation. inTheWild added a link to an exploit: https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality. If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below To keep up to date follow us on the below channels.

Medium Severity Description facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation. Read more at https://www.tenable.com/cve/CVE-2024-24571

A vulnerability, which was classified as problematic , has been found in WillyXJ facileManager up to 4.5.0 . This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-24571 . The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.