Stored XSS Vulnerability in GestioIP v3.5.7 by GestioIP
CVE-2024-50861

6.1 MEDIUM

Key Information:

Vendor: GestioIP
Status: Vendor
CVE Published: 14 January 2025

What is CVE-2024-50861?

GestioIP version 3.5.7 contains a stored cross-site scripting (XSS) vulnerability reachable through the ip_mod_dns_key_form.cgi request. An attacker submits a script payload in the 'TSIG Key' field; the value is written to the database unchanged and later rendered into the page without output encoding, so the payload executes in the browser of every user who subsequently views the affected page, administrators included. The injected script can exfiltrate data visible to the victim's session and issue requests in the victim's name, giving it the effect of a cross-site request forgery (CSRF) attack against the application.

CVSS v3.1

Score: 6.1
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None (a stored XSS payload does not by itself degrade service availability; with the other metrics above, A:N is the value that yields the 6.1 score, whereas A:L would score 7.1)

Timeline

  • Vulnerability published: 14 January 2025