CVE-2024-50861

Medium CVSS: 6.1

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.

Vendor

Gestioip

Product

Gestioip

CWE

CWE-79

Yayın Tarihi

2025-01-14 22:15:27

Güncelleme

2025-06-06 15:40:35

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Gestioip MEDIUM Gestioip 2025

Referanslar

http://www.gestioip.net https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861 https://github.com/muebel/gestioip-docker-compose https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861

Benzer Kayıtlar

Medium

CVE-2024-50857

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en…

High

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio…

Medium

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly forma…

Critical

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke…