CVE-2024-10724 Information

Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2 specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0.

Reference

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 https://huntr.com/bounties/0746e357-fcc7-44db-b8e7-857875c54999