CVE-2024-10720 HIGH

CVE-2024-10720: Stored Cross-site Scripting (XSS) in phpipam/phpipam

Vendor Phpipam
Product phpipam/phpipam
Weakness CWE-79 · XSS
Published March 20, 2025
Last update March 20, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated