Reflected Cross-Site Scripting Vulnerability in phpipam from phpipam
CVE-2024-10727

6.1 MEDIUM

Key Information:

Vendor:
PHPipam
CVE Published:
20 March 2025

What is CVE-2024-10727?

A reflected cross-site scripting (XSS) vulnerability exists in phpipam versions 1.5.0 through 1.6.0. When the application processes HTTP requests, it includes the input data in its responses without sufficient sanitization, which lets attackers inject malicious JavaScript code. The flaw can be exploited to execute attacker-supplied JavaScript in a user's browser, compromising that user's security and privacy.

Affected Version(s)

phpipam/phpipam < 1.7.0

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
