CVE-2024-50861

Sažetak

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.

Reference

http://www.gestioip.net
https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861
https://github.com/muebel/gestioip-docker-compose

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

15-01-2025 - 00:15

Objavljeno

14-01-2025 - 22:15