CVE-2024-10727

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10727

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10727.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10727

Published

2025-03-20T10:15:19.633Z

Modified

2026-03-14T12:30:19.152689Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.

References

Affected packages

Git / github.com/phpipam/phpipam

Affected ranges

Type

GIT

Repo

https://github.com/phpipam/phpipam

Events

Introduced

f8c651de07f9cb48f93feb76386ac5b54b404e81

Last affected

0e9ec21c9d95f2bfcf91ffa93da4c4d470821421

Fixed

c1697bb6c4e4a6403d69c0868e1eb1040f98b731

Database specific

{
    "versions": [
        {
            "introduced": "1.5.0"
        },
        {
            "last_affected": "1.6"
        }
    ]
}

Affected versions

v1.*

v1.5.0

v1.6.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10727.json"