CVE-2024-51031

MEDIUM

Sourcecodester Cab Management System 1.0 - Authenticated Stored Cross-Site Scripting via User Name Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-51031. PoCs published by vighneshnair7.

AI-analyzed exploit summary: This repository provides a detailed writeup for CVE-2024-51031, a Stored XSS vulnerability in Sourcecodester Cab Management System 1.0. The vulnerability allows authenticated users to inject malicious scripts via the 'First Name', 'Middle Name', and 'Last Name' fields, which execute when an admin views the 'Registered Clients' page.

Description

A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.

Exploits (1)

nomisec WRITEUP
by vighneshnair7 · poc
https://github.com/vighneshnair7/CVE-2024-51031

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Cab Management System 1.0
Auth required
Prerequisites: Authenticated access to the application · Admin interaction to trigger the payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0040
EPSS Percentile: 31.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): oretnom23/cab_management_system 1.0
Published: Nov 08, 2024
Tracked Since: Feb 18, 2026