CVE-2024-41357: phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

7.1 CVSS

Description

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

Vendor: n/a

Product: n/a

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.49% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

2025-04-16 15:40:21 UTC
CVE

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.