Primary

Context

phpipam Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in phpipam/phpipam version 1.5.2. This vulnerability allows attackers to inject malicious scripts that are executed in the context of users viewing the affected page. The issue arises on the circuits options page. Exploitation of this vulnerability could lead to cookie theft, unauthorized access to user accounts, or redirection to malicious websites. The vulnerability has been addressed in version 1.7.0.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of users viewing the affected page.

Reproduction

The vulnerability can be reproduced by injecting a script into a field that is not properly sanitized before being saved to the database. Once the script is injected, it will be executed when the affected page is viewed.

Remediation

Users are advised to update to phpipam version 1.7.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.3

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.3

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

phpipam Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

phpipam

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating