Vulnerability Details CVE-2024-10720
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 8.2
References
Products affected by CVE-2024-10720
-
cpe:2.3:a:phpipam:phpipam:-
-
cpe:2.3:a:phpipam:phpipam:0.1
-
cpe:2.3:a:phpipam:phpipam:0.2
-
cpe:2.3:a:phpipam:phpipam:0.3
-
cpe:2.3:a:phpipam:phpipam:0.4
-
cpe:2.3:a:phpipam:phpipam:0.5
-
cpe:2.3:a:phpipam:phpipam:0.6
-
cpe:2.3:a:phpipam:phpipam:0.7
-
cpe:2.3:a:phpipam:phpipam:0.8
-
cpe:2.3:a:phpipam:phpipam:0.9
-
cpe:2.3:a:phpipam:phpipam:1.0
-
cpe:2.3:a:phpipam:phpipam:1.1
-
cpe:2.3:a:phpipam:phpipam:1.1.010
-
cpe:2.3:a:phpipam:phpipam:1.2
-
cpe:2.3:a:phpipam:phpipam:1.3
-
cpe:2.3:a:phpipam:phpipam:1.3.1
-
cpe:2.3:a:phpipam:phpipam:1.3.2
-
cpe:2.3:a:phpipam:phpipam:1.4
-
cpe:2.3:a:phpipam:phpipam:1.4.1
-
cpe:2.3:a:phpipam:phpipam:1.4.2
-
cpe:2.3:a:phpipam:phpipam:1.4.3
-
cpe:2.3:a:phpipam:phpipam:1.4.4
-
cpe:2.3:a:phpipam:phpipam:1.4.5
-
cpe:2.3:a:phpipam:phpipam:1.4.6
-
cpe:2.3:a:phpipam:phpipam:1.4.7
-
cpe:2.3:a:phpipam:phpipam:1.5.0
-
cpe:2.3:a:phpipam:phpipam:1.5.1
-
cpe:2.3:a:phpipam:phpipam:1.5.2
-
cpe:2.3:a:phpipam:phpipam:1.6