CVE-2024-10722: Stored Cross-site Scripting (XSS) in phpipam/phpipam

CVSS: 3.5

Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distribution of malware, website defacement, content manipulation, and phishing attacks. The issue is fixed in version 1.7.0.
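The root cause described above is CWE-79: text stored in a custom field's 'Description' is written back into a page without HTML output encoding. The following PHP snippet is an added example, not code from phpipam or from the fixing commit; the function names and the custom-field record are hypothetical and constructed for illustration. It shows the vulnerable render beside the hardened one (encode on output for the HTML text context) and a small check a reviewer or test can run against rendered output.

```php
<?php
// Added example (not phpipam's own code): rendering a stored custom-field
// description with and without HTML output encoding.

// Constructed sample record, shaped like a custom field loaded from a
// database. The description carries markup a browser would interpret.
$customField = [
    'name'        => 'rack_note',
    'description' => 'Rack note <b onmouseover="alert(1)">hover</b>',
];

/** Vulnerable (CWE-79): stored text is concatenated into HTML verbatim. */
function renderDescriptionVulnerable(array $field): string
{
    return '<td class="description">' . $field['description'] . '</td>';
}

/** Hardened: encode for the HTML text context at the point of output. */
function renderDescriptionSafe(array $field): string
{
    $encoded = htmlspecialchars($field['description'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<td class="description">' . $encoded . '</td>';
}

/**
 * Regression check for templates: after stripping the wrapping <td>,
 * no raw '<' or '>' may survive from stored data. Returns true when
 * unescaped markup is present in the rendered cell.
 */
function containsUnescapedMarkup(string $html): bool
{
    $inner = preg_replace('#^<td class="description">(.*)</td>$#s', '$1', $html);
    return $inner !== null
        && (strpos($inner, '<') !== false || strpos($inner, '>') !== false);
}

echo renderDescriptionVulnerable($customField), PHP_EOL;
echo renderDescriptionSafe($customField), PHP_EOL;
var_dump(containsUnescapedMarkup(renderDescriptionVulnerable($customField)));
var_dump(containsUnescapedMarkup(renderDescriptionSafe($customField)));
```

Encoding belongs at output, not at storage: the same description may later be emitted into an attribute, a JavaScript string or JSON, each needing its own encoder, and encoding once on input leaves no way to recover the original text. A `Content-Security-Policy` without `unsafe-inline` reduces the impact of a missed spot but does not replace output encoding.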

Classification

CVE ID: CVE-2024-10722

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Products

Vendor: phpipam

Product: phpipam/phpipam

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.77% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10722
https://huntr.com/bounties/f0bc97b2-33a9-4b15-aa05-ff7c57624847
https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731

Timeline