CVE-2024-10721 LOW

CVE-2024-10721: Store XSS in phpipam/phpipam

Vendor Phpipam

Product phpipam/phpipam

Weakness CWE-79 · XSS

Published March 20, 2025

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10721 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2024-10721: Store XSS in phpipam/phpipam

01Description

02Disclosure timeline

03References

04Related CVE