CVE-2024-10722 LOW

CVE-2024-10722: Stored Cross-site Scripting (XSS) in phpipam/phpipam

Vendor Phpipam
Product phpipam/phpipam
Weakness CWE-79 · XSS
Published March 20, 2025
Last update March 20, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distribution of malware, website defacement, content manipulation, and phishing attacks. The issue is fixed in version 1.7.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-24127 Typemill has Reflected XSS via login error view template CVE-2024-48022 WordPress Shortcode For Elementor Templates plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2015-10098 Broken Link Checker Plugin ui_get_action_links cross site scripting CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' CVE-2024-4072 Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting