{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T00:46:45.775","vulnerabilities":[{"cve":{"id":"CVE-2024-10721","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:19.020","lastModified":"2025-04-01T20:35:45.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0."},{"lang":"es","value":"Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en phpipam/phpipam versión 1.5.2. Esta vulnerabilidad permite a un atacante inyectar scripts maliciosos en la aplicación, que pueden ejecutarse en el contexto de otros usuarios que visitan la página afectada. El problema ocurre en la página de opciones de circuitos (https://demo.phpipam.net/tools/circuits/options/). Un atacante puede explotar esta vulnerabilidad para robar cookies, obtener acceso no autorizado a cuentas de usuario o redirigir a usuarios a sitios web maliciosos. La vulnerabilidad se ha corregido en la versión 1.7.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpipam:phpipam:1.5.2:*:*:*:*:*:*:*","matchCriteriaId":"94A1B7BC-541E-4793-ABCF-B38C69F6EA6B"}]}]}],"references":[{"url":"https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}