2025-03-20 10:10:32
@huntr_ai
PUBLISHED
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the Device Management section under Administration where an attacker can inject malicious scripts into the Name and Description fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.