By combining AI with human insight, Armis Vulnerability Intelligence Database offers extended coverage for vulnerabilities that matter to you, your industry, and provides you with clear remediation instructions.
CVE-2024-1024 | Medium Severity | Armis
Structured data (from the page's schema.org metadata):
Date Published:2024-01-30
Date Modified:2026-05-13
Author/Publisher:Armis (https://www.armis.com)
Canonical URL:https://cve.armis.com/CVE-2024-1024
Based On:NVD CVE-2024-1024 (https://nvd.nist.gov/vuln/detail/CVE-2024-1024)
License:https://creativecommons.org/licenses/by-nc-sa/4.0/
CVSS Score:6.1 (Medium)
EPSS Score:0.06% (20th percentile), the estimated probability of exploitation in the wild
CVE-2024-1024:
Cross-site scripting (CWE-79) vulnerability in SourceCodester Facebook News Feed Like 1.0 (New Account Handler) allows remote attackers to inject and execute arbitrary JavaScript in a victim’s browser by manipulating the First Name/Last Name fields (example payload: alert(1)). The issue affects version 1.0 and is rated LOW (CVSS v3.1 base score 3.5).
Score:6.1 Medium
A numerical rating that indicates how dangerous this vulnerability is.
Published Date:Jan 30, 2024
CISA KEV Date:*No Data*
Industries Affected:20
Threat Predictions
EPSS Score:0.1
EPSS Percentile:20%
Exploitability
Exploitability Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED
Impact
Impact Score:2.7
Confidentiality Impact:LOW
Integrity Impact:LOW
Availability Impact:NONE
Overview
This entry documents a cross-site scripting vulnerability in SourceCodester Facebook News Feed Like 1.0, specifically within the New Account Handler. By injecting script code into the First Name or Last Name fields, an attacker can trigger execution of arbitrary JavaScript in a victim's browser. Exploitation is remote and is described as requiring user interaction, and the vulnerability has been publicly disclosed. The CVSS assessment places this as LOW severity (CVSSv3.1 base score 3.5, vector AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
Remediation
- Check for vendor advisories and apply the latest patch or upgrade to the fixed version of SourceCodester Facebook News Feed Like, or any hotfix provided for the New Account Handler.
- Implement input validation and output encoding for the First Name and Last Name fields:
  - Validate input against an allowlist of permitted characters.
  - Encode all user-supplied data before rendering it in HTML (HTML entity encoding).
- Adopt proper data handling practices:
  - Use server-side sanitization and/or a trusted sanitization library to cleanse user input.
  - Ensure no untrusted input is rendered without encoding or neutralization.
- Strengthen client-side defense:
  - Enforce a strong Content Security Policy (CSP) that disallows inline scripts and restricts script sources.
  - Disable or constrain inline event handlers and JavaScript in user-provided content.
- If patching is not immediately possible, implement mitigations:
  - Apply WAF rules to detect and block common XSS payloads.
  - Temporarily sanitize or strip potentially dangerous input on the server side.
- Validate the fix:
  - Test with payloads such as alert(1) and other XSS vectors to confirm that scripts are not executed.
  - Conduct a repeatable security test (both automated and manual) after applying the fixes.
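The allowlist-validation, output-encoding and CSP steps above, shown together as an added example. This is not code from the Armis entry or from the SourceCodester project; it assumes a hypothetical Node.js "new account" handler with `firstName`/`lastName` fields, and the name allowlist, the helper names (`validateName`, `htmlEncode`, `createAccount`, `renderProfileSafe`) and the probe string are all constructed for the illustration. The vulnerable renderer is included only so the regression check can show the difference between unencoded and encoded output.

```javascript
// Added example (not code from the Armis entry or the SourceCodester project):
// validate-on-input plus encode-on-output for a hypothetical "new account" handler's
// First Name / Last Name fields. Runs under Node.js with no dependencies.

// Allowlist for a person's name: starts with a letter, then letters, combining marks,
// spaces, apostrophes or hyphens, at most 64 characters in total.
// The allowlist itself is an assumption for this example; tune it to the real user base.
const NAME_ALLOWLIST = /^\p{L}[\p{L}\p{M} '\-]{0,63}$/u;

function validateName(input) {
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  const trimmed = input.trim();
  if (!NAME_ALLOWLIST.test(trimmed)) {
    return { ok: false, reason: "disallowed characters or length" };
  }
  return { ok: true, value: trimmed };
}

// HTML entity encoding for text placed in an element body or a quoted attribute value.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "/": "&#x2F;" };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// The CWE-79 shape: stored field values are interpolated into markup without encoding.
function renderProfileVulnerable(account) {
  return `<div class="name">${account.firstName} ${account.lastName}</div>`;
}

// Hardened handler: reject anything outside the allowlist before it is stored.
function createAccount(form) {
  const first = validateName(form.firstName);
  const last = validateName(form.lastName);
  if (!first.ok || !last.ok) {
    return { ok: false, errors: { firstName: first.reason, lastName: last.reason } };
  }
  return { ok: true, account: { firstName: first.value, lastName: last.value } };
}

// Hardened template: encode on output regardless of what validation let through,
// which also covers records written before validation existed.
function renderProfileSafe(account) {
  return `<div class="name">${htmlEncode(account.firstName)} ${htmlEncode(account.lastName)}</div>`;
}

// Response header that backs the server-side fix: no inline scripts, same-origin sources only.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed probe string for the regression check (the classic XSS canary).
const XSS_PROBE = "<script>alert(1)</script>";

// Runs the "validate the fix" step: the probe must be rejected on input, and a legacy
// record that still holds it must render without a live script tag.
function selfCheck() {
  const submission = createAccount({ firstName: XSS_PROBE, lastName: "Doe" });
  const legacy = { firstName: XSS_PROBE, lastName: "Doe" }; // stored before validation existed
  const vulnerableHtml = renderProfileVulnerable(legacy);
  const safeHtml = renderProfileSafe(legacy);
  return {
    inputRejected: !submission.ok,
    vulnerableContainsScript: vulnerableHtml.includes("<script>"),
    safeContainsScript: safeHtml.includes("<script>"),
    safeHtml,
  };
}

console.log(selfCheck());
console.log("Content-Security-Policy:", CSP_HEADER);
```

Validation and encoding are deliberately separate layers: the allowlist stops the bad value from being stored, and the encoder makes the template safe even for data that entered the system some other way. The CSP header is the third layer, so a script that does slip into the page body still has no permitted source to run from.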