CVE-2024-50859

Medium CVSS: 4.8

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.

Vendor

Gestioip

Product

Gestioip

CWE

CWE-79

Yayın Tarihi

2025-01-14 22:15:27

Güncelleme

2025-06-06 15:40:42

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Gestioip MEDIUM Gestioip 2025

Referanslar

http://www.gestioip.net https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859 https://github.com/muebel/gestioip-docker-compose https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859

Benzer Kayıtlar

Medium

CVE-2024-50857

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en…

High

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio…

Medium

CVE-2024-50861

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious cod…

Critical

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke…