CVE-2024-10727

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10727

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10727.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10727

Published

2025-03-20T10:15:19.633Z

Modified

2025-11-20T12:23:03.462667Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.

References

Affected packages

Git / github.com/phpipam/phpipam

Affected ranges

Type: GIT
Repo: https://github.com/phpipam/phpipam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c1697bb6c4e4a6403d69c0868e1eb1040f98b731

Affected versions

v1.*

v1.16.003

v1.19.008

v1.2.0

v1.2.0_beta2

v1.3.0

v1.3.2

v1.4.0

v1.5.0

v1.6.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10727.json"