CVE-2024-41353 in phpipaminfo

Summary

by MITRE • 07/26/2024

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 04/24/2025

The vulnerability identified as CVE-2024-41353 affects phpipam version 1.6 and represents a cross site scripting flaw located within the administrative groups management component of the application. This specific file app/admin/groups/edit-group.php serves as the entry point where user input is not properly sanitized before being rendered back to the browser, creating an avenue for malicious actors to inject harmful scripts into the application's interface. The vulnerability resides in the application's failure to implement adequate input validation and output encoding mechanisms, which are fundamental security controls that prevent unauthorized script execution within the context of a user's browser session.

This XSS vulnerability operates under CWE-79 which classifies it as a classic cross site scripting attack where malicious code can be injected into web applications through improperly validated user inputs. The flaw allows attackers to execute scripts in the context of other users' browsers, potentially enabling session hijacking, credential theft, or redirection to malicious websites. The administrative context of the vulnerable file significantly amplifies the risk as it provides access to privileged functions and sensitive data management capabilities. Attackers exploiting this vulnerability could manipulate group configurations, potentially gaining elevated privileges or disrupting administrative operations within the ipam system.

The operational impact of this vulnerability extends beyond simple script injection as it can facilitate more sophisticated attacks within the context of the phpipam application. When an authenticated administrator visits the affected page or interacts with the vulnerable group management functionality, the malicious payload executes in their browser context, potentially leading to complete compromise of the administrative interface. This vulnerability aligns with ATT&CK technique T1531 which involves manipulation of the application environment to achieve persistence or privilege escalation. The attack vector is particularly concerning because it requires minimal privileges to exploit, as the vulnerability exists in the administrative interface that may be accessed by users with group management permissions.

Mitigation strategies for CVE-2024-41353 should prioritize immediate patch application from the phpipam vendor to address the root cause of the XSS vulnerability. Organizations should implement comprehensive input validation and output encoding mechanisms throughout the application to prevent similar issues in other components. The implementation of content security policies can provide additional defense in depth against script execution attempts. Security teams should conduct thorough code reviews focusing on user input handling within administrative interfaces and establish automated testing procedures to identify potential XSS vulnerabilities before deployment. Regular security assessments of web applications should include specific checks for improper input sanitization and output encoding practices, particularly in privileged administrative functions where the potential impact of exploitation is greatest.

Responsible

MITRE

Reservation

07/18/2024

Disclosure

07/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00345

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!