CVE-2024-50861 identifies a stored cross-site scripting (XSS) vulnerability in GestioIP version 3.5.7, specifically within the ip_mod_dns_key_form.cgi request handler. The vulnerability arises because the application fails to properly sanitize or encode user input submitted to the "TSIG Key" field. This field's content is stored persistently in the backend database and rendered in the user interface without adequate output encoding, allowing malicious JavaScript payloads to execute in the context of authenticated users who view the affected page. The attack vector is remote and does not require authentication (AV:N, PR:N), but user interaction is necessary to trigger the payload (UI:R). The vulnerability impacts confidentiality and integrity by enabling data exfiltration and CSRF attacks, as attackers can steal session tokens or perform unauthorized actions on behalf of users. The scope is changed (S:C) because the vulnerability affects data beyond the attacker’s privileges, potentially impacting other users. The CVSS 3.1 base score is 6.1, reflecting medium severity. There are no known public exploits or patches available at the time of publication, increasing the urgency for organizations to implement mitigations. The vulnerability is classified under CWE-79, a common and well-understood web application security issue.

The primary impact of CVE-2024-50861 is the compromise of user confidentiality and integrity within GestioIP environments. Successful exploitation allows attackers to execute arbitrary JavaScript in the context of other users’ browsers, potentially leading to theft of sensitive information such as authentication tokens, personal data, or administrative credentials. Additionally, attackers can perform CSRF attacks, causing users to unknowingly execute unauthorized commands or configuration changes within the GestioIP application. This can disrupt network management operations or expose network infrastructure details. Since GestioIP is used for IP address management and DNS infrastructure, exploitation could indirectly affect network stability and security posture. The vulnerability does not directly impact availability but can facilitate further attacks that degrade service or compromise network integrity. Organizations relying on GestioIP 3.5.7 without mitigation are at risk of targeted attacks, especially in environments where multiple users access the management interface.

To mitigate CVE-2024-50861, organizations should first check for official patches or updates from GestioIP and apply them promptly once available. In the absence of patches, implement strict input validation and output encoding on the "TSIG Key" field to neutralize malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the application context. Limit user permissions to reduce the impact of potential XSS exploitation, ensuring that only trusted users can modify sensitive fields. Regularly audit and sanitize existing database entries for injected scripts. Additionally, educate users to avoid clicking suspicious links or viewing untrusted content within the GestioIP interface. Deploy web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense. Monitor application logs for unusual activities indicative of exploitation attempts. Finally, consider isolating the GestioIP management interface within a secure network segment to reduce exposure.