CVE-2024-50859 identifies a reflected Cross-Site Scripting (XSS) vulnerability in the ip_import_acl_csv request handler of GestioIP version 3.5.7, a web-based IP address management tool. The vulnerability arises when the application processes an improperly formatted CSV file uploaded by a user. Instead of sanitizing or encoding the file content, the application reflects this content directly in the HTML response. This behavior allows an attacker to craft malicious CSV files containing executable JavaScript code. When a victim user uploads or interacts with such a file, the malicious script executes in their browser context. This can lead to unauthorized actions such as stealing session cookies, performing actions on behalf of the user, or exfiltrating sensitive data. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS 3.1 vector indicates network attack vector (AV:N), low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), affecting confidentiality and integrity with no impact on availability. No patches or exploits are currently publicly available, but the risk remains for organizations running the affected version. Proper input validation and output encoding are critical to prevent exploitation.

The primary impact of CVE-2024-50859 is on the confidentiality and integrity of data within organizations using GestioIP 3.5.7. Successful exploitation could allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized data access, or manipulation of IP address management data. While availability is not affected, the breach of confidentiality and integrity could compromise network management operations and trust in the system. Since the vulnerability requires authenticated access and user interaction, the attack surface is somewhat limited but still significant in environments where multiple users have access to GestioIP. Organizations managing critical network infrastructure or sensitive IP data could face operational disruptions or data leakage. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent future exploitation.

To mitigate CVE-2024-50859, organizations should implement strict input validation and sanitization on the ip_import_acl_csv upload functionality to ensure that any CSV content is properly escaped or encoded before being reflected in HTML responses. Employing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting script execution sources. Additionally, restricting file upload permissions to only trusted users and monitoring upload activity can reduce exposure. Applying the principle of least privilege to GestioIP user roles minimizes the risk posed by high privilege requirements. Organizations should also monitor vendor communications for patches or updates addressing this vulnerability and apply them promptly once available. In the interim, educating users about the risks of uploading untrusted files and implementing web application firewalls (WAFs) with XSS detection rules can provide additional layers of defense.