216.73.217.64

CVE-2024-10720

· Published 20/03/2025 10:15 · Modified 20/03/2025 10:15

Labels: CVE-2024-10720 2025-03-20CVE-2024-10720CWE-79[email protected]

Essential information

Published
20/03/2025 10:15
Modified
20/03/2025 10:15
Author
Creator
CVSS
8.2 HIGH (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
phpipam / phpipam cpe:2.3:a:phpipam:phpipam:1.5.2:*:*:*:*:*:*:*
phpipam / phpipam cpe:2.3:a:phpipam:phpipam:<1.7.0:*:*:*:*:*:*

References