CVE-2024-50857

Medium CVSS: 4.8

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.

Vendor

Gestioip

Product

Gestioip

CWE

CWE-79

Yayın Tarihi

2025-01-14 22:15:27

Güncelleme

2025-06-06 15:40:53

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Gestioip MEDIUM Gestioip 2025

Referanslar

http://www.gestioip.net https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857 https://github.com/muebel/gestioip-docker-compose https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857

Benzer Kayıtlar

High

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio…

Medium

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly forma…

Medium

CVE-2024-50861

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious cod…

Critical

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke…