CVE-2024-33231

MEDIUM

Ferozo Email 1.1 - Cross-Site Scripting via PDF Preview Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-33231. PoCs published by fdzdev.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-33231, an XSS vulnerability in Ferozo Webmail 1.1 caused by insufficient sanitization of file uploads. It describes the attack vector, impact, and remediation steps but does not include functional exploit code.

Description

Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.

Exploits (1)

nomisec WRITEUP 1 star
by fdzdev · poc
https://github.com/fdzdev/CVE-2024-33231

Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Ferozo Webmail 1.1
Auth required
Prerequisites: Authenticated user access to the file upload feature
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.4
EPSS 0.0042
EPSS Percentile 33.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Published Nov 18, 2024
Tracked Since Feb 18, 2026