Cross-Site Scripting Vulnerability in phpipam
CVE-2024-41357

7.1HIGH

Key Information:

Vendor: phpipam
Status: PHPipam
Vendor: CVE Published:; 26 July 2024

What is CVE-2024-41357?

phpipam version 1.6 contains a Cross-Site Scripting (XSS) vulnerability that arises when improperly sanitized user input is processed via the record-edit.php file in the admin section. Attackers could exploit this flaw by injecting malicious scripts, potentially compromising user sessions and data integrity. Appropriate input validation and sanitation measures are critical to mitigate these risks and protect users from potential attacks.

References

https://github.com/phpipam/phpipam/issues/4149

https://github.com/MarkLee131/awesome-web-pocs/blob/main/...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2024