Security Advisory

CVE-2024-10720

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:32
Last updated 2025-03-20 18:20:08
Assigner @huntr_ai
State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the Device Management section under Administration where an attacker can inject malicious scripts into the Name and Description fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.