Stored Cross-Site Scripting Vulnerability in phpipam by phpipam
CVE-2024-10725

3.5LOW

Key Information:

Vendor: PHPipam
Status: PHPipam/PHPipam
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-10725?

A stored cross-site scripting vulnerability exists in phpipam version 1.5.2, allowing attackers to inject malicious scripts into the application. This flaw occurs during the editing of NAT destination addresses, where user input fails to undergo proper sanitization. Consequently, when users view the compromised pages, the scripts execute within their context, potentially leading to serious issues such as data theft and account compromise. Mitigation has been implemented in version 1.7.0.

Affected Version(s)

phpipam/phpipam < 1.7.0

References

https://huntr.com/bounties/343465fa-6dec-40af-a012-7b118e...

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a64...

CVSS V3.0

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Nov 1, 2024

PHPipam

What is CVE-2024-10725?

Affected Version(s)

References

CVSS V3.0

Timeline