CVE-2024-24035

MEDIUM

Setorinformatica S.i.l. - XSS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24035. PoCs published by ELIZEUOPAIN.

AI-analyzed exploit summary: The repository describes a DOM-based XSS vulnerability in SIL 3.1 via the 'hmessage' parameter. It includes a brief explanation and a screenshot but lacks functional exploit code.

Description

Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter.

Exploits (1)

nomisec WRITEUP
by ELIZEUOPAIN · poc
https://github.com/ELIZEUOPAIN/PoC-CVE-2024-24035

Classification: Writeup 80%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: SIL 3.1
Authentication: No auth needed
Prerequisites: Access to the vulnerable parameter in the application
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0044
EPSS Percentile: 35.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-79
Status: published
Products (1): setorinformatica/s.i.l. 3.1
Published: Mar 07, 2024
Tracked Since: Feb 18, 2026