CVE-2024-50859 — MEDIUM (4.8)

Vulnerability Description

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gestioip	Gestioip	3.5.7

Related Weaknesses (CWE)

CWE-79

References

http://www.gestioip.netProduct
https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859ExploitThird Party Advisory
https://github.com/muebel/gestioip-docker-composeProduct
https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859ExploitThird Party Advisory

FAQ

What is CVE-2024-50859?

CVE-2024-50859 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attac...

How severe is CVE-2024-50859?

CVE-2024-50859 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-50859?

Check the references section above for vendor advisories and patch information. Affected products include: Gestioip Gestioip.