← Voltar para CVEs
CVE-2024-10721
MEDIUM5.4
Descricao
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.
Detalhes CVE
Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado3/20/2025
Ultima modificacao4/1/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
phpipam:phpipam
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731(security@huntr.dev)
https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8(security@huntr.dev)
https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.