CVE-2024-50857
Severity: Medium
CVSS Score: 4.8
Published: Jan 14, 2025
Last Modified: Jun 06, 2025
Vulnerability Description
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector: N
Attack Complexity: L
Privileges Required: H
User Interaction: R
Scope: C
Confidentiality: L
Integrity: L
Availability: N
Known Affected Software
1 configuration(s) from 1 vendor(s)
gestioip
Version: 3.5.7
CPE: cpe:2.3:a:gestioip:gestioip:3.5.7:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.gestioip.net (source: cve@mitre.org; Product)
- https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857 (source: cve@mitre.org; Exploit, Third Party Advisory)
- https://github.com/muebel/gestioip-docker-compose (source: cve@mitre.org; Product)
- https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857 (source: 134c704f-9b21-4f2e-91b3-4a467353bcc0; Exploit, Third Party Advisory)
Severity Details
4.8 out of 10.0 (Medium)
Key Information
- Published Date: January 14, 2025
