CVE-2024-24571: facileManager Systemic Cross-Site Scripting (XSS)

5.4 CVSS

Description

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

Classification

CVE ID: CVE-2024-24571

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem Types

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Affected Products

Vendor: WillyXJ

Product: facileManager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.27% (probability of being exploited)

EPSS Percentile: 50.0% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-17 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24571
https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj
https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877
