← back
CVE-2024-24571

facileManager Systemic Cross-Site Scripting (XSS)

CVSS 5.4 MEDIUMEPSS 0.4%CWE-80
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
WillyXJ · facileManager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj