PT-2025-2893 · Gestioip · Gestioip

Maximiliano Belino · Published 2025-01-14 · Updated 2025-06-06 · CVE-2024-50861

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GestioIP version 3.5.7

Description

The issue is a stored XSS vulnerability in the ip_mod_dns_key_form.cgi request. An attacker can inject malicious code into the TSIG Key field; the value is saved in the database and triggers XSS when viewed. This enables data exfiltration and CSRF attacks.

Recommendations

For GestioIP version 3.5.7, consider disabling the ip_mod_dns_key_form.cgi request or restricting access to the TSIG Key field until a patch is available. Avoid using the TSIG Key field in the affected request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-50861

Affected Products

Gestioip