CVE-2024-48415

MEDIUM

Loan Management System 1.0 - Stored Cross-Site Scripting via New Borrower Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48415. PoCs published by khaliquesX.

AI-analyzed exploit summary: This repository contains a writeup describing a Cross-Site Scripting (XSS) vulnerability in itsourcecode Loan Management System v1.0. The vulnerability allows an attacker to inject malicious scripts via multiple parameters in the new borrowers functionality.

Description

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.

Exploits (1)

nomisec WRITEUP
by khaliquesX · poc
https://github.com/khaliquesX/CVE-2024-48415

Classification
Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: itsourcecode Loan Management System v1.0
Auth required
Prerequisites: Access to the Loan Management System application · Valid login credentials · Ability to navigate to the Borrower section
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.0
EPSS: 0.0036
EPSS Percentile: 27.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): razormist/loan_management_system 1.0
Published: Oct 22, 2024
Tracked Since: Feb 18, 2026