CVE-2024-50857 — MEDIUM (4.8)

Vulnerability Description

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gestioip	Gestioip	3.5.7

Related Weaknesses (CWE)

CWE-79

References

http://www.gestioip.netProduct
https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857ExploitThird Party Advisory
https://github.com/muebel/gestioip-docker-composeProduct
https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857ExploitThird Party Advisory

FAQ

What is CVE-2024-50857?

CVE-2024-50857 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within ...

How severe is CVE-2024-50857?

CVE-2024-50857 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-50857?

Check the references section above for vendor advisories and patch information. Affected products include: Gestioip Gestioip.