CVE-2024-24571

Published: Jan 31, 2024Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

Affected (1)

Products: Facilemanager: Facilemanager

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Facilemanager Facilemanager	Before 4.5.1

Related CWEs

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (4)

https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877

Source: security-advisories@github.com

Patch

https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.