CVE-2024-10727

MEDIUM

Phpipam < 1.6 - XSS

Title source: rule

Description

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.

References (2)

Core 2

Core References

Patch

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731

View Patch ZIP pw:eip

Exploit

https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d

Scores

CVSS v3 6.1

EPSS 0.0014

EPSS Percentile 34.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

phpipam/phpipam 1.5.0 - 1.6

Published Mar 20, 2025

Tracked Since Feb 18, 2026