CVE-2024-24571

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-24571
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24571.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-24571
Aliases
  • GHSA-h7w3-xv88-2xqj
Published
2024-01-31T22:32:51.646Z
Modified
2025-11-30T11:29:35.294129Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
facileManager Systemic Cross-Site Scripting (XSS)
Details

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24571.json",
    "cwe_ids": [
        "CWE-80"
    ]
}
References

Affected packages

Git / github.com/willyxj/facilemanager

Affected ranges

Type
GIT
Repo
https://github.com/willyxj/facilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5613baa626b3bf0ce81601c3745031922f9b6ce3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0"
        }
    ]
}

Affected versions

facileManager-complete-3.*

facileManager-complete-3.4.1

v2.*

v2.3.3-complete

v3.*

v3.0-complete
v3.0.1-complete
v3.0.3-complete
v3.1-complete
v3.2-complete
v3.3-complete
v3.4-complete
v3.5.2-complete

v4.*

v4.0.0-complete
v4.2.0-complete
v4.5.0-complete