PT-2025-12060 · Phpipam · Phpipam

Published: 2025-03-20 · Updated: 2025-03-21 · CVE-2024-10723

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: phpipam/phpipam version 1.5.2

Description: A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam. This issue allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites.

Recommendations: For version 1.5.2, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the NAT tool to minimize the risk of exploitation. Avoid using the destination address field in the NAT tool until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-10723

Affected Products

Phpipam