CVE-2024-10720

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-79
View all →

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.

Related Vulnerabilities

CVE-2016-8356

HIGH
CVSS:8.2(High)

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabiliti...

CWE-792016

CVE-2017-2683

HIGH
CVSS:8.2(High)

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining...

CWE-792017

CVE-2018-20850

HIGH
CVSS:8.2(High)

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

CWE-792018

CVE-2019-18426

HIGH
CVSS:8.2(High)

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnera...

CWE-792019

CVE-2020-14582

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-14584

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable ...

CWE-792020