CVE-2024-24571

Exploit

EPSS 0.42%
Veröffentlicht 31.01.2024 23:15:08
Zuletzt bearbeitet 21.11.2024 08:59:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

facileManager Systemic Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Facilemanager ≫ Facilemanager Version < 4.5.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.338

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877

Patch

https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-24571

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24571

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24571

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-24571