CVE-2024-24136

MEDIUM

Sourcecodester Math Game with Leaderboard 1.0 - Stored Cross-Site Scripting via Your Name Field

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24136. PoCs published by BurakSevben.

AI-analyzed exploit summary: This repository provides a detailed technical writeup of CVE-2024-24136, a Cross-Site Scripting (XSS) vulnerability in the 'Math Game with Leaderboard' application. It includes a proof-of-concept payload and step-by-step instructions to trigger the XSS, along with screenshots demonstrating the exploit.

Description

The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.

Exploits (1)

nomisec WRITEUP
by BurakSevben · poc
https://github.com/BurakSevben/CVE-2024-24136

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Math Game with Leaderboard Using PHP and MySQL (Version 1.0)
No auth needed
Prerequisites: Access to the vulnerable application · User interaction to submit the malicious payload
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 6.1
EPSS 0.0059
EPSS Percentile 43.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
remyandrade/math_game 1.0
Published Jan 29, 2024
Tracked Since Feb 18, 2026