CVE-2024-24571 - OpenCVE

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Facilemanager	Facilemanager

Configuration 1 [-]

cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877
https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-31T22:32:51.646Z

Updated: 2024-08-01T23:19:52.879Z

Reserved: 2024-01-25T15:09:40.211Z

Link: CVE-2024-24571

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-31T23:15:08.110

Modified: 2024-02-07T17:25:31.677

Link: CVE-2024-24571

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24571", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-25T15:09:40.211Z", "datePublished": "2024-01-31T22:32:51.646Z", "dateUpdated": "2024-08-01T23:19:52.879Z"}, "containers": {"cna": {"title": "facileManager Systemic Cross-Site Scripting (XSS)", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}, {"name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}], "affected": [{"vendor": "WillyXJ", "product": "facileManager", "versions": [{"version": "<= 4.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T22:32:51.646Z"}, "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}], "source": {"advisory": "GHSA-h7w3-xv88-2xqj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.879Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}, {"name": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B", "versionEndExcluding": "4.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."}, {"lang": "es", "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. Para las versiones 4.5.0 y anteriores de la aplicaci\u00f3n web facileManager, descubrimos que XSS estaba presente en casi todos los campos de entrada porque no hab\u00eda suficiente validaci\u00f3n de entrada."}], "id": "CVE-2024-24571", "lastModified": "2024-02-07T17:25:31.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-31T23:15:08.110", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Primary"}]}