CVE-2024-10720
Stored Cross-site Scripting (XSS) in phpipam/phpipam
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H
Productos afectados
phpipam · phpipam/phpipam¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →