CVE-2024-10725 LOW

CVE-2024-10725: Stored Cross-site Scripting (XSS) in phpipam/phpipam

Vendor Phpipam
Product phpipam/phpipam
Weakness CWE-79 · XSS
Published March 20, 2025
Last update March 20, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT destination address, where user input is not properly sanitized. This can lead to data theft, account compromise, and other malicious activities. The vulnerability is fixed in version 1.7.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated