{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24571", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-25T15:09:40.211Z", "datePublished": "2024-01-31T22:32:51.646Z", "dateUpdated": "2025-05-29T15:03:05.207Z"}, "containers": {"cna": {"title": "facileManager Systemic Cross-Site Scripting (XSS)", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}, {"name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}], "affected": [{"vendor": "WillyXJ", "product": "facileManager", "versions": [{"version": "<= 4.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T22:32:51.646Z"}, "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}], "source": {"advisory": "GHSA-h7w3-xv88-2xqj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.879Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}, {"name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T15:38:28.197474Z", "id": "CVE-2024-24571", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T15:03:05.207Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.879Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24571", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T15:38:28.197474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T15:38:30.397Z"}}], "cna": {"title": "facileManager Systemic Cross-Site Scripting (XSS)", "source": {"advisory": "GHSA-h7w3-xv88-2xqj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "WillyXJ", "product": "facileManager", "versions": [{"status": "affected", "version": "<= 4.5.0"}]}], "references": [{"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T22:32:51.646Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24571", "state": "PUBLISHED", "dateUpdated": "2025-05-29T15:03:05.207Z", "dateReserved": "2024-01-25T15:09:40.211Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-31T22:32:51.646Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B", "versionEndExcluding": "4.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}, {"lang": "es", "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. Para las versiones 4.5.0 y anteriores de la aplicaci\u00f3n web facileManager, descubrimos que XSS estaba presente en casi todos los campos de entrada porque no hab\u00eda suficiente validaci\u00f3n de entrada."}], "id": "CVE-2024-24571", "lastModified": "2024-11-21T08:59:26.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-31T23:15:08.110", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}