CVE-2024-10724

low

Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0.

References

https://huntr.com/bounties/0746e357-fcc7-44db-b8e7-857875c54999

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731

Details

Source: Mitre, NVD

Published: 2025-03-20

Updated: 2025-03-20

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 3.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00026