CVE-2024-10721

Name of the Vulnerable Software and Affected Versions phpipam/phpipam version 1.5.2

Description A stored cross-site scripting (XSS) vulnerability was discovered in the circuits options page, specifically at the endpoint https://demo.phpipam.net/tools/circuits/options/. This issue allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites.

Recommendations For phpipam/phpipam version 1.5.2, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the circuits options page until the update is applied.