cbcvebase.
CVE-2024-10724
published 2025-03-20

CVE-2024-10724: A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the…

PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.32%
23.2th percentile
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
phpipamphpipam< 1.7.01.7.0
phpipamphpipam_phpipam>= unspecified < 1.7.01.7.0

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.03.5LOWCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.