{"vulnerability": "cve-2024-5085", "sightings": [{"uuid": "7fa067be-ff40-4817-8f2a-119c18261072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50852", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113476241379522105", "content": "", "creation_timestamp": "2024-11-13T15:00:31.209621Z"}, {"uuid": "691a6415-81f8-4bb8-8847-5004355ebe80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50853", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113476241396090050", "content": "", "creation_timestamp": "2024-11-13T15:00:31.602552Z"}, {"uuid": "c384bba3-7fe2-48ad-9439-03f90a51cdd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50854", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113476241410873305", "content": "", "creation_timestamp": "2024-11-13T15:00:32.334018Z"}, {"uuid": "2f5255f0-e624-4566-aaf7-e48272eb4eaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50858", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113833626963845673", "content": "", "creation_timestamp": "2025-01-15T17:48:23.120980Z"}, {"uuid": "fc323854-4a9e-48d0-85f5-4e97bb997816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50857", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m5ezvpy6au23", "content": "", "creation_timestamp": "2025-11-11T21:02:37.618899Z"}, {"uuid": "fb4f3f98-3adc-44f6-9b65-9f73bd6e57a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50857", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-50857.yaml", "content": "", "creation_timestamp": "2025-11-11T07:11:14.000000Z"}, {"uuid": "100c2483-655c-4d53-ab1b-25a9c0b64f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50859", "type": "seen", "source": "https://t.me/cvedetector/15377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50859 - GestiolP Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-50859 \nPublished : Jan. 14, 2025, 10:15 p.m. | 36\u00a0minutes ago \nDescription : The ip_import_acl_csv request in GestiolP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T00:03:20.000000Z"}, {"uuid": "908beacb-0438-4a86-9958-09985d99b689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50857", "type": "seen", "source": "https://t.me/cvedetector/15375", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50857 - GestiolP XSS Attack\", \n  \"Content\": \"CVE ID : CVE-2024-50857 \nPublished : Jan. 14, 2025, 10:15 p.m. | 36\u00a0minutes ago \nDescription : The ip_do_job request in GestiolP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T00:03:15.000000Z"}, {"uuid": "309e7aae-eda7-44f7-9ef6-3f41e66a6981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50857", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1869", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50857\n\ud83d\udd39 Description: The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.\n\ud83d\udccf Published: 2025-01-14T00:00:00\n\ud83d\udccf Modified: 2025-01-15T20:04:28.764Z\n\ud83d\udd17 References:\n1. https://github.com/muebel/gestioip-docker-compose\n2. http://www.gestioip.net\n3. https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857", "creation_timestamp": "2025-01-15T20:55:12.000000Z"}, {"uuid": "67f83755-231d-4187-8652-b882bd466f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50858", "type": "seen", "source": "https://t.me/cvedetector/15376", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50858 - GestiolP CSRF Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-50858 \nPublished : Jan. 14, 2025, 10:15 p.m. | 36\u00a0minutes ago \nDescription : Multiple endpoints in GestiolP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T00:03:19.000000Z"}, {"uuid": "588fbc41-4330-49d8-a7a3-d58909175c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50854", "type": "seen", "source": "https://t.me/cvedetector/10820", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50854 - Tenda G3 Remote Code Execution (Stack Overflow)\", \n  \"Content\": \"CVE ID : CVE-2024-50854 \nPublished : Nov. 13, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T17:13:29.000000Z"}, {"uuid": "dc46b3c2-e4f4-4f22-b384-78bff8b79525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50853", "type": "seen", "source": "https://t.me/cvedetector/10824", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50853 - Tenda G3 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50853 \nPublished : Nov. 13, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T17:13:32.000000Z"}, {"uuid": "b44cf131-a450-4ab3-a51c-a1be5fd8778d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50852", "type": "seen", "source": "https://t.me/cvedetector/10823", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50852 - Tenda Router Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50852 \nPublished : Nov. 13, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T17:13:31.000000Z"}]}