Stored Cross-Site Scripting Vulnerability in phpipam by phpipam
CVE-2024-10723

3.5LOW

Key Information:

Vendor: PHPipam
Status: PHPipam/PHPipam
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-10723?

A stored cross-site scripting vulnerability exists in phpipam, allowing attackers to inject malicious scripts into the NAT tool's destination address field. User interaction may trigger the execution of these scripts, leading to potential cookie theft, unauthorized access to accounts, and redirection to harmful sites. The vulnerability has been resolved in phpipam version 1.7.0, reinforcing the importance of upgrading to maintain security.

Affected Version(s)

phpipam/phpipam < 1.7.0

References

https://huntr.com/bounties/9af99057-e4f6-4d07-b3bb-3213b9...

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a64...

CVSS V3.0

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Nov 1, 2024

PHPipam

What is CVE-2024-10723?

Affected Version(s)

References

CVSS V3.0

Timeline