CVE-2024-50857 identifies a Cross-Site Scripting (XSS) vulnerability within the ip_do_job request handler of GestioIP version 3.5.7, a network IP address management tool. The vulnerability stems from insufficient sanitization of user-supplied input, allowing malicious scripts to be injected and executed in the context of authenticated users. Successful exploitation requires the attacker to have specific user permissions within the application and involves user interaction, such as clicking a crafted link or submitting malicious input. The XSS flaw enables attackers to exfiltrate sensitive data accessible to the victim, including session tokens or other credentials, and facilitates Cross-Site Request Forgery (CSRF) attacks by leveraging the victim's authenticated session. The vulnerability affects confidentiality and integrity but does not impact system availability. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) reflects network attack vector, low attack complexity, high privileges required, user interaction needed, and a scope change due to potential session hijacking or privilege escalation within the application context. No public exploits or patches are currently available, indicating the need for proactive mitigation by administrators.

The primary impact of CVE-2024-50857 is on the confidentiality and integrity of data within GestioIP environments. Attackers exploiting this vulnerability can steal sensitive information such as session cookies, user credentials, or configuration data, potentially leading to unauthorized access or privilege escalation. The ability to perform CSRF attacks further increases the risk by enabling attackers to execute unauthorized actions on behalf of legitimate users. Although availability is not directly affected, the compromise of user sessions and data integrity can disrupt normal operations and trust in the system. Organizations relying on GestioIP for IP address management may face increased risk of targeted attacks, especially if users with elevated permissions are compromised. The requirement for specific user permissions and user interaction limits the attack surface but does not eliminate the threat, particularly in environments with many privileged users or where social engineering is feasible.

To mitigate CVE-2024-50857, organizations should first verify if they are running GestioIP version 3.5.7 and restrict access to trusted users only. Since no official patch is currently available, administrators should implement input validation and output encoding on the ip_do_job request parameters to prevent script injection. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. Limit the number of users with elevated permissions and enforce the principle of least privilege to reduce the risk of exploitation. Educate users about the risks of clicking on suspicious links or submitting untrusted input. Monitor application logs for unusual activity indicative of XSS or CSRF attempts. Consider deploying Web Application Firewalls (WAFs) with rules targeting XSS payloads specific to GestioIP. Stay alert for official patches or updates from GestioIP developers and apply them promptly once released.