CVE-2024-25503

MEDIUM

Advanced REST Client 17.0.9 - Cross-Site Scripting via New Project Edit Details Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25503, a PoC published by EQSTLab.

AI-analyzed exploit summary: This repository provides a detailed writeup and proof-of-concept for CVE-2024-25503, a stored XSS vulnerability in Advanced REST Client v17.0.9. The vulnerability allows arbitrary JavaScript execution via malicious scripts embedded in project descriptions, which can be shared and imported by victims.

Description

Cross-Site Scripting (XSS) vulnerability in Advanced REST Client v17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script supplied to the edit details parameter of the New Project function.

Exploits (1)

nomisec WRITEUP
by EQSTLab · poc
https://github.com/EQSTLab/CVE-2024-25503


Classification
Writeup 100%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: Advanced REST Client v17.0.9
No auth needed
Prerequisites: Victim must import a malicious project file
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 4.7
EPSS 0.0093
EPSS Percentile 55.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Apr 04, 2024
Tracked Since Feb 18, 2026