CVE-2024-50859

Name of the Vulnerable Software and Affected Versions GestioIP version 3.5.7

Description The issue concerns a Reflected XSS vulnerability in the ip import acl csv request. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.

Recommendations For GestioIP version 3.5.7, as a temporary workaround, consider disabling the ip import acl csv request until a patch is available. Restrict access to file uploads to minimize the risk of exploitation. Avoid using improperly formatted files in the affected request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.