Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the 'option' parameter in the POST request to /phpipam/app/admin/circuits/edit-options-submit.php. The injected script can be executed in the context of the user's browser, leading to potential cookie theft and end-user file disclosure. The issue is fixed in version 1.7.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpipam | Phpipam | < 1.7.0 |
Related Weaknesses (CWE)
References
- https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b7Patch
- https://huntr.com/bounties/56aba8cb-4da1-44b4-8c4d-c5ba00ea3670ExploitThird Party Advisory
FAQ
What is CVE-2024-10719?
CVE-2024-10719 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts...
How severe is CVE-2024-10719?
CVE-2024-10719 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-10719?
Check the references section above for vendor advisories and patch information. Affected products include: Phpipam Phpipam.