CVE-2024-24571 MEDIUM

CVE-2024-24571: facileManager Systemic Cross-Site Scripting (XSS)

Vendor Willyxj
Product facileManager
Weakness CWE-80 · XSS · basic
Published January 31, 2024
Last update May 29, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

Key dates

02Disclosure timeline

January 31, 2024 CVE published
May 29, 2025 Record updated