Lucene search
K

5 matches found

NVD
NVD
added 2025/01/14 10:15 p.m.11 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting XSS. It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

4.8CVSS0.01172EPSS
Exploits3References3
NVD
NVD
added 2025/01/14 10:15 p.m.15 views

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

9.8CVSS0.45109EPSS
Exploits5References3
Cvelist
Cvelist
added 2025/01/14 12:0 a.m.16 views

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery CSRF. An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration...

0.01669EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/01/14 12:0 a.m.14 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting XSS. It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

0.01172EPSS
Exploits3References3
CVE
CVE
added 2025/01/14 12:0 a.m.76 views

CVE-2024-50857

GestioIP v3.5.7 is affected by a reflected XSS in the ip_do_job request, caused by unsanitized input. Exploitation requires specific user permissions and can lead to data exfiltration and CSRF. Practical details and patches are referenced in multiple sources (Nuclei template, CVE writeups, and ad...

4.8CVSS6AI score0.01172EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder