CVE-2024-24135

MEDIUM

Product Inventory with Export to Excel 1.0 - Stored Cross-Site Scripting in Product Name and Code

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24135. PoCs published by BurakSevben.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-24135, an XSS vulnerability in 'Product Inventory with Export to Excel' software. It includes step-by-step proof-of-concept instructions and screenshots demonstrating the exploitation of the 'Product Name' and 'Product Code' fields.

Description

Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.

Exploits (1)

nomisec WRITEUP

by BurakSevben · poc

https://github.com/BurakSevben/CVE-2024-24135

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2024-24135, an XSS vulnerability in 'Product Inventory with Export to Excel' software. It includes step-by-step proof-of-concept instructions and screenshots demonstrating the exploitation of the 'Product Name' and 'Product Code' fields.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Product Inventory with Export to Excel 1.0

No auth needed

Prerequisites: Access to the 'Add Product' functionality in the web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/BurakSevben/2024_Product_Inventory_with_Export_to_Excel_XSS/

Scores

CVSS v3 6.1

EPSS 0.0066

EPSS Percentile 46.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

remyandrade/product_inventory_with_export_to_excel 1.0

Published Jan 29, 2024

Tracked Since Feb 18, 2026