CVE-2024-23998

CRITICAL

Another Redis Desktop Manager <= 1.6.1 - Cross-Site Scripting in Setting Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23998. PoCs published by EQSTLab.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-23998, a local code execution vulnerability in Another Redis Desktop Manager via XSS. It explains the root cause, exploitation steps, and includes a proof-of-concept patch for the font_faq message to execute arbitrary commands.

Description

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.

Exploits (1)

nomisec WRITEUP

by EQSTLab · poc

https://github.com/EQSTLab/CVE-2024-23998

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2024-23998, a local code execution vulnerability in Another Redis Desktop Manager via XSS. It explains the root cause, exploitation steps, and includes a proof-of-concept patch for the font_faq message to execute arbitrary commands.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Another Redis Desktop Manager <= 1.6.6

No auth needed

Prerequisites: Ability to modify the installation file · User interaction (hovering over the font family help icon)

MITRE ATT&CK

T1189 - Drive-by Compromise T1204 - User Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit

https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23998

Scores

CVSS v3 9.6

EPSS 0.0071

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

goanother/another_redis_desktop_manager < 1.6.1

Published Jul 05, 2024

Tracked Since Feb 18, 2026