A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites. The issue has been fixed in version 1.7.0.
                
History
Wed, 28 May 2025 21:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Phpipam Phpipam phpipam | |
| CPEs | cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:* | |
| Vendors & Products | Phpipam Phpipam phpipam | |
| Metrics | cvssV3_1 | |

Thu, 20 Mar 2025 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |

Thu, 20 Mar 2025 10:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites. The issue has been fixed in version 1.7.0. | |
| Title | Stored XSS in phpipam/phpipam | |
| Weaknesses | CWE-79 | |
| References |  | |
| Metrics | cvssV3_0 | |

MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2025-03-20T10:09:23.803Z
Updated: 2025-03-20T18:55:33.336Z
Reserved: 2024-11-01T23:23:05.376Z
Link: CVE-2024-10723
Vulnrichment
Updated: 2025-03-20T17:51:08.118Z
NVD
Status: Analyzed
Published: 2025-03-20T10:15:19.267
Modified: 2025-05-28T20:34:48.120
Link: CVE-2024-10723
Redhat
No data.