cbcvebase.
CVE-2024-10723
published 2025-03-20

CVE-2024-10723: A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious…

PriorityP426medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.32%
23.2th percentile
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites. The issue has been fixed in version 1.7.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
phpipamphpipam< 1.7.01.7.0
phpipamphpipam_phpipam>= unspecified < 1.7.01.7.0

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.03.5LOWCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.