CVE Catalog

CVE-2025-61078

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability was found in phpIPAM v1.7.3 in the Request IP form. It allows remote attackers to inject arbitrary web script or HTML via the instructions parameter at the /app/admin/instructions/edit-result.php endpoint.

Risk Assessment

An attacker can steal user sessions, redirect victims to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.

Recommendation

Update phpIPAM to the latest patched version immediately. Also implement input validation and output encoding for the instructions parameter.

Original NVD description (English source)

Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS