CVE-2024-10727 Information

Description

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user’s browser potentially leading to full compromise of the user.

Reference

https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d