CVE-2024-50857
Published 2025-01-14
Priority: P4 (24) · Severity: medium · CVSS 3.1 base score: 4.8
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploit
EPSS: 1.17% (63.5th percentile)
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gestioip | gestioip | — | — |
No detection rules found.
Exploit-DB
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
exploitdb · 2025-04-14 · CVSS 4.8 · CVE-2024-50857 [MEDIUM]
---
# Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting (XSS)
# Exploit Author: m4xth0r (Maximiliano Belino)
# Author website: https://maxibelino.github.io/
# Author email (max.cybersecurity at belino.com)
# GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857
# Date: 2025-01-13
# Vendor Homepage: https://www.gestioip.net/
# Software Link: https://www.gestioip.net/en/download/
# Version: GestioIP v3.5.7
# Tested on: Kali Linux
# CVE: CVE-2024-50857
### Description
The `"ip_do_job"` feature of GestioIP 3.5.7 is vulnerable to XSS, leading to data exfiltration and CSRF attacks. Two examples are described below.
### Prerequisites
To successfully exploit the XSS vulnerability, the u
Nuclei
GestioIP - Reflected Cross-Site Scripting
nuclei · CVSS 4.8 · CVE-2024-50857 [MEDIUM]
GestioIP v3.5.7 contains a reflected cross-site scripting vulnerability caused by unsanitized input in the ip_do_job request, letting attackers execute scripts in the victim's browser; exploitation requires specific user permissions.
Template:

```yaml
id: CVE-2024-50857

info:
  name: GestioIP - Reflected Cross-Site Scripting
  author: Gaurang
  severity: medium
  description: |
    GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ip_do_job request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions.
  impact: |
    Attackers can execute scripts in victims' browsers, leading to data theft and potential CSRF attacks.
  remediation: |
    Sanitize user input in the ip_do_job request and update to the lat
```
No writeups or analysis indexed.