CVE-2024-41640

MEDIUM

AML Surety Eco <= 3.5 - Cross-Site Scripting via ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41640. PoCs published by alemusix.

AI-analyzed exploit summary: The repository describes an unauthenticated reflected XSS vulnerability in AML Surety Eco up to version 3.5, where the 'id' parameter of the error page is reflected without sanitization or output encoding, allowing JavaScript to execute in the browser of any user who follows a crafted link. It includes technical details, CVSS scoring, and evidence of the vulnerability.

Description

Cross-Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to execute arbitrary JavaScript in a victim's browser via a crafted GET request using the id parameter.
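
As an added example (not the alemusix PoC and not vendor code), the check below is what a practitioner would run first: it sends a benign canary in the id parameter, classifies whether the error page reflects it unencoded, and shows the vulnerable server-side rendering next to the hardened one. The target URL (https://target.example/error), the error-page HTML template and the wrapper names are constructed assumptions; the real page's path and markup are not given here.

```python
"""Reflected XSS reflection check for an id-style GET parameter, with the
vulnerable and hardened server-side rendering side by side.

Added illustration; not the alemusix PoC and not AML Surety Eco code. The
error-page template, example URL and parameter handling are constructed
stand-ins: the real error page's path and markup are not shown on this page.
"""
import html
import urllib.error
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Probe value: a unique marker followed by every character that must be
# encoded in an HTML text/attribute context. It carries no executable
# payload, so it is safe to send as a first check.
MARKER = "xsschk7f3a"
CANARY = MARKER + "<>\"'&"


def build_probe_url(base_url: str, param: str = "id", value: str = CANARY) -> str:
    """Return base_url with `param` set to `value`; other query params are kept."""
    parts = urlsplit(base_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    query.append((param, value))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def classify_reflection(body: str, marker: str = MARKER, canary: str = CANARY) -> str:
    """Classify how a response reflects the probe.

    'unescaped': the canary is present verbatim, metacharacters intact, so an
                 attacker-controlled value reaches the page unencoded (CWE-79).
    'escaped':   the marker is present but the metacharacters were altered
                 (e.g. '<' became '&lt;'), i.e. output encoding is applied.
    'absent':    the parameter is not reflected at all.
    """
    if canary in body:
        return "unescaped"
    if marker in body:
        return "escaped"
    return "absent"


def probe(url: str, timeout: float = 10.0) -> str:
    """Fetch the URL and classify the reflection. Error pages often answer with
    a 4xx/5xx status, so the body is read from HTTPError as well. Only run this
    against systems you are authorized to test."""
    req = urllib.request.Request(url, headers={"User-Agent": "xss-reflection-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", errors="replace")
    return classify_reflection(body)


# Constructed stand-in for an error page that echoes the requested id.
ERROR_TEMPLATE = (
    "<html><body><h1>Error</h1>"
    "<p>Record {record_id} could not be found.</p></body></html>"
)


def render_error_page_vulnerable(record_id: str) -> str:
    """Interpolates the raw parameter into HTML: the defect class behind CWE-79."""
    return ERROR_TEMPLATE.format(record_id=record_id)


def render_error_page_fixed(record_id: str) -> str:
    """Output-encodes the parameter for its HTML context before interpolation."""
    return ERROR_TEMPLATE.format(record_id=html.escape(record_id, quote=True))


if __name__ == "__main__":
    url = build_probe_url("https://target.example/error?lang=en")
    print("probe URL:", url)
    for name, render in (("vulnerable", render_error_page_vulnerable),
                         ("fixed", render_error_page_fixed)):
        print(f"{name:10s} -> {classify_reflection(render(CANARY))}")
    # Against a live, authorized target use: print(probe(url))
```

The canary deliberately contains no script, so an "unescaped" result is evidence of missing output encoding without executing anything in a browser; the fix is context-aware output encoding at the point of interpolation (html.escape here), not input filtering of the id parameter.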

Exploits (1)

nomisec WRITEUP
by alemusix · poc
https://github.com/alemusix/CVE-2024-41640

Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: AML Surety Eco up to v3.5
No auth needed
Prerequisites: Access to the target application's error page URL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.1
EPSS 0.0058
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Jul 29, 2024
Tracked Since Feb 18, 2026