Stored Cross-Site Scripting Vulnerability in phpipam by phpipam
CVE-2024-10719

2.4 LOW

Key Information:

Vendor: PHPipam
CVE Published: 20 March 2025

What is CVE-2024-10719?

A stored cross-site scripting (XSS) vulnerability in phpipam version 1.5.2 can be exploited when an attacker injects malicious scripts through the 'option' parameter in a POST request to /phpipam/app/admin/circuits/edit-options-submit.php. This allows the injected script to execute in the user's browser, potentially leading to serious security breaches such as cookie theft and unauthorized access to sensitive files. The issue has been resolved in phpipam version 1.7.0.

Affected Version(s)

phpipam/phpipam < 1.7.0

CVSS V3.0

Score: 2.4
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
