Stored Cross-Site Scripting Vulnerability in phpipam by phpipam
CVE-2024-10721
5.4 MEDIUM
What is CVE-2024-10721?
A stored cross-site scripting (XSS) flaw was identified in phpipam, allowing attackers to inject malicious scripts into the application. The vulnerability affects the circuits options page: an injected script is stored by the application and executes in the browser of any user who views that page. Such scripts can steal session cookies, grant unauthorized access to user accounts, and redirect users to harmful sites. Affected users should upgrade to version 1.7.0, which addresses this critical issue.
Affected Version(s)
phpipam/phpipam < 1.7.0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
CVSS V3.0
Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved