CVE-2024-10722

Name of the Vulnerable Software and Affected Versions phpipam/phpipam version 1.5.2 phpipam/phpipam versions prior to 1.7.0

Description A stored cross-site scripting (XSS) issue exists, allowing attackers to inject malicious scripts into the Description field of custom fields in the "IP RELATED MANAGEMENT" section. This can lead to data theft, account compromise, distribution of malware, website defacement, content manipulation, and phishing attacks.

Recommendations For version 1.5.2, update to version 1.7.0 to resolve the issue. For versions prior to 1.7.0, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the "IP RELATED MANAGEMENT" section until a patch is available. Avoid using the Description field in the custom fields of the "IP RELATED MANAGEMENT" section until the issue is resolved.