Vulnerabilities > CVE-2024-10727 - Unspecified vulnerability in PHPipam

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

phpipam

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.

Vulnerable Configurations

Part	Description	Count
Application	Phpipam Phpipam Phpipam 1.5.0 Phpipam Phpipam 1.5.1 Phpipam Phpipam 1.5.2 Phpipam Phpipam 1.6	4

References

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731
https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d
https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d