CVE-2024-50859

MEDIUM

Gestioip - XSS

Title source: rule

Description

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.

Exploits (1)

exploitdb WORKING POC

by Maximiliano Belino · textremotemultiple

https://www.exploit-db.com/exploits/52202

View Code ZIP pw:eip

References (3)

[Product] http://www.gestioip.net

[Exploit, Third Party Advisory] https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859

[Product] https://github.com/muebel/gestioip-docker-compose

Scores

CVSS v3 4.8

EPSS 0.0060

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

gestioip/gestioip 3.5.7

Published Jan 14, 2025

Tracked Since Feb 18, 2026