CVE-2024-24571

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877	Patch
https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-31 23:15

Updated : 2024-02-07 17:25

NVD link : CVE-2024-24571

Mitre link : CVE-2024-24571

CVE.ORG link : CVE-2024-24571

JSON object : View

Products Affected

facilemanager

facilemanager

CWE

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

{"id": "CVE-2024-24571", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-01-31T23:15:08.110", "references": [{"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}, {"lang": "es", "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. Para las versiones 4.5.0 y anteriores de la aplicaci\u00f3n web facileManager, descubrimos que XSS estaba presente en casi todos los campos de entrada porque no hab\u00eda suficiente validaci\u00f3n de entrada."}], "lastModified": "2024-02-07T17:25:31.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B", "versionEndExcluding": "4.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}