CVE-2024-10723 LOW

CVE-2024-10723: Stored XSS in phpipam/phpipam

Vendor Phpipam

Product phpipam/phpipam

Weakness CWE-79 · XSS

Published March 20, 2025

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites. The issue has been fixed in version 1.7.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10723

Related vulnerabilities

CVE-2024-10723: Stored XSS in phpipam/phpipam

01Description

02Disclosure timeline

03References

04Related CVE