Vendor: GestioIP
By: m4xth0r (Maximiliano Belino)
CVSS: 6.1 (HIGH)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: GestioIP
Affected Version From: 3.5.7
Affected Version To: 3.5.7
Patch Exists: NO
Related CVE: CVE-2024-50857
CPE: a:gestioip:gestioip:3.5.7
Platforms Tested: Kali Linux
2025

GestioIP 3.5.7 – Authenticated Cross-Site Scripting (XSS) Vulnerability

GestioIP 3.5.7 is prone to an authenticated cross-site scripting vulnerability in the 'ip_do_job' feature. This could allow attackers to perform data exfiltration and cross-site request forgery (CSRF) attacks. The vulnerability can be exploited by injecting malicious scripts into parameters like 'host_id' and 'stored_config'.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user inputs to prevent the execution of malicious scripts. Additionally, implementing content security policy (CSP) headers can help in mitigating XSS attacks.
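
With no patch listed, one interim control is to watch web-server access logs for markup characters in the two parameters named above. The following is an added example, not code from the advisory or from GestioIP; it assumes combined-format access logs, the sample log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoint and parameters named in the advisory.
ENDPOINT = "/res/cm/ip_do_job.cgi"
WATCHED_PARAMS = ("host_id", "stored_config")
# Characters needed to open a tag or break out of a quoted attribute.
MARKUP = re.compile(r"[<>\"']")
# Request target in a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up users and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - alice [13/Jan/2025:10:00:01 +0000] "GET /gestioip/res/cm/ip_do_job.cgi?client_id=1&host_id=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - bob [13/Jan/2025:10:00:07 +0000] "GET /gestioip/res/cm/ip_do_job.cgi?client_id=1&host_id=%27%3Cscript%3Ealert(%22test%22)%3C/script%3E%27 HTTP/1.1" 200 5240',
    '192.0.2.11 - bob [13/Jan/2025:10:00:09 +0000] "GET /gestioip/res/cm/ip_do_job.cgi?client_id=1&stored_config=%253Cb%253E HTTP/1.1" 200 5130',
    '192.0.2.12 - carol [13/Jan/2025:10:00:15 +0000] "GET /gestioip/index.cgi?host_id=%3Cb%3E HTTP/1.1" 200 900',
]


def suspicious_params(target):
    """Return watched parameters whose decoded value contains markup characters."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs decodes once; decode again to catch double encoding
            # (%253C -> %3C -> <).
            if MARKUP.search(value) or MARKUP.search(unquote_plus(value)):
                hits.append(name)
                break
    return hits


def scan(lines):
    """Yield (line_number, parameter_names) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.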

Exploit-DB raw data:

# Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting (XSS)
# Exploit Author: m4xth0r (Maximiliano Belino)
# Author website: https://maxibelino.github.io/
# Author email (max.cybersecurity at belino.com)
# GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857
# Date: 2025-01-13
# Vendor Homepage: https://www.gestioip.net/
# Software Link: https://www.gestioip.net/en/download/
# Version: GestioIP v3.5.7
# Tested on: Kali Linux
# CVE: CVE-2024-50857

### Description

The `"ip_do_job"` feature of GestioIP 3.5.7 is vulnerable to XSS, leading to data exfiltration and CSRF attacks. Two examples are described below.

### Prerequisites

To successfully exploit the XSS vulnerability, the user must be part of a "User Group" that has the following three permissions:

• Show backuped device configurations (read_device_config_perm)
• Upload device configurations (write_device_config_perm)
• Administrate CM (administrative_cm_perm)



1) vulnerable parameter: `host_id`

http://localhost/gestioip/res/cm/ip_do_job.cgi?client_id=1&host_id='<script>alert("test")</script>'


2) vulnerable parameter: `stored_config`

http://localhost/gestioip/res/cm/ip_do_job.cgi?client_id=1&stored_config='<script>alert("test")</script>'