CVE-2024-10725
Last modified
CVE-2024-10725 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT destination address, where user input is not properly sanitized. This can lead to data theft, account compromise, and other malicious activities. The vulnerability is fixed in version 1.7.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpipam | Phpipam | < 1.7.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-10725?
How severe is CVE-2024-10725?
How do I fix CVE-2024-10725?
Are you affected by CVE-2024-10725?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST