CVE-2024-50857

CVSS 4.8 MEDIUMEPSS 1.2%CWE-79

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52203unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857 https://github.com/muebel/gestioip-docker-compose http://www.gestioip.net