CVE-2024-50857
MEDIUM · NUCLEI
Gestioip - XSS
Title source: ruleDescription
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
Exploits (1)
exploitdb
WORKING POC
by Maximiliano Belino · text · remote · multiple
https://www.exploit-db.com/exploits/52203
Nuclei Templates (1)
GestioIP - Reflected Cross-Site Scripting
MEDIUM · VERIFIED · by Gaurang
Scores
CVSS v3: 4.8
EPSS: 0.0006
EPSS Percentile: 19.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1)
gestioip/gestioip 3.5.7
Published: Jan 14, 2025
Tracked Since: Feb 18, 2026