Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Jan 15, 2025

CVE-2024-50861

Description

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

GestioIP/GestioIPcpe-rescue2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 3.5.7

Patches

Vulnerability mechanics

References

www.gestioip.netmitre
github.com/maxibelino/CVEs/tree/main/CVE-2024-50861mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000