CVE-2024-50861

{"id": "CVE-2024-50861", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-01-14T22:15:27.577", "references": [{"url": "http://www.gestioip.net", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/muebel/gestioip-docker-compose", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the \"TSIG Key\" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks."}, {"lang": "es", "value": " La solicitud ip_mod_dns_key_form.cgi en GestioIP v3.5.7 es vulnerable a XSS almacenado. Un atacante puede inyectar c\u00f3digo malicioso en el campo \"TSIG Key\", que se guarda en la base de datos y activa XSS cuando se visualiza, lo que permite la exfiltraci\u00f3n de datos y los ataques CSRF."}], "lastModified": "2025-06-06T15:40:35.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gestioip:gestioip:3.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32EC91F-6E1F-42A2-AA8E-21D694111822"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}