CVE-2024-24571

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.
Configurations

Configuration 1 (hide)

cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:59

Type Values Removed Values Added
References () https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877 - Patch () https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877 - Patch
References () https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj - Exploit, Vendor Advisory () https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj - Exploit, Vendor Advisory

07 Feb 2024, 17:25

Type Values Removed Values Added
References () https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj - () https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj - Exploit, Vendor Advisory
References () https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877 - () https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877 - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
First Time Facilemanager facilemanager
Facilemanager
CPE cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*

31 Jan 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-31 23:15

Updated : 2024-11-21 08:59


NVD link : CVE-2024-24571

Mitre link : CVE-2024-24571

CVE.ORG link : CVE-2024-24571


JSON object : View

Products Affected

facilemanager

  • facilemanager
CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)