CVE-2024-57522

MEDIUM

SourceCodester Packers and Movers Management System 1.0 - Stored Cross-Site Scripting in Users.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57522. PoCs published by HackWidMaddy.

AI-analyzed exploit summary: This repository contains a writeup and PoC video for CVE-2024-57522, a stored XSS vulnerability in SourceCodester's Packers and Movers Management System 1.0. The vulnerability allows attackers to inject malicious scripts into the username or name field during user creation, which are executed when an admin views the user list page.

Description

SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.

Exploits (1)

nomisec WRITEUP 1 stars
by HackWidMaddy · poc
https://github.com/HackWidMaddy/CVE-2024-57522

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Packers and Movers Management System 1.0
Auth required
Prerequisites: Access to user creation functionality · Admin user viewing the user list page
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/HackWidMaddy/CVE-2024-57522

Scores

CVSS v3: 6.4
EPSS: 0.0095
EPSS Percentile: 56.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-79
Status: published
Products (1)
oretnom23/packers_and_movers_management_system 1.0
Published: Feb 03, 2025
Tracked Since: Feb 18, 2026