CVE-2024-10724

Stored XSS in IPV6 Section in phpipam/phpipam

CVSS 3.5 LOWEPSS 0.3%CWE-79

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected products

phpipam · phpipam/phpipam

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 https://huntr.com/bounties/0746e357-fcc7-44db-b8e7-857875c54999