CVE-2024-41353

7.1 HIGH

📋 TL;DR

CVE-2024-41353 is a cross-site scripting (XSS) vulnerability in phpipam 1.6 that allows attackers to inject malicious scripts into the group editing interface. This affects administrators who use the vulnerable phpipam installation. Successful exploitation could lead to session hijacking or unauthorized actions.

💻 Affected Systems

Products:
  • phpipam
Versions: 1.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the admin group editing interface at app/admin/groups/edit-group.php

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, gain full administrative access to phpipam, and potentially compromise the entire IP address management system and connected infrastructure.

🟠 Likely Case

Attackers could perform session hijacking to modify network configurations, create unauthorized users, or exfiltrate sensitive IP address management data.

🟢 If Mitigated

With proper input validation and output encoding, the attack would be prevented, though the vulnerable endpoint would remain accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative access to the group editing interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.1 or later

Vendor Advisory: https://github.com/phpipam/phpipam/issues/4147

Restart Required: No

Instructions:

  1. Back up your phpipam installation and database.
  2. Download the latest version from the official repository.
  3. Replace the vulnerable file app/admin/groups/edit-group.php with the patched version.
  4. Verify the fix by testing the group editing functionality.

🔧 Temporary Workarounds

Input Validation Workaround

Applies to: all

Add input sanitization to the edit-group.php file to filter malicious scripts.

# Edit app/admin/groups/edit-group.php and add proper input validation
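As an added illustration of what "proper input validation" and output encoding look like in PHP (this is example code, not phpipam's own edit-group.php, and the field name `g_desc` and the form markup are assumptions), the vulnerable pattern is shown beside its hardened form:

```php
<?php
// Added example, not phpipam code. The field name 'g_desc' and the HTML are
// assumptions; the real app/admin/groups/edit-group.php is structured differently.

function render_group_field_vulnerable(array $group): string
{
    // Reflects the stored value into an attribute without encoding: any markup
    // in $group['g_desc'] becomes part of the page the administrator loads.
    return '<input type="text" name="g_desc" value="' . ($group['g_desc'] ?? '') . '">';
}

function render_group_field_hardened(array $group): string
{
    // Output encoding: htmlspecialchars() turns <, >, &, " and ' into entities so
    // the value is rendered as text. ENT_QUOTES matters here because the value
    // sits inside a quoted attribute.
    $safe = htmlspecialchars($group['g_desc'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="g_desc" value="' . $safe . '">';
}

function validate_group_input(array $post): array
{
    // Input validation on the write path: bound the length and allow only a
    // conservative character set for a description; reject rather than "clean".
    $desc = (string) ($post['g_desc'] ?? '');
    if (mb_strlen($desc, 'UTF-8') > 255) {
        throw new InvalidArgumentException('Group description too long');
    }
    if (!preg_match('/^[\p{L}\p{N} .,_\-\/()]*$/u', $desc)) {
        throw new InvalidArgumentException('Group description contains disallowed characters');
    }
    return ['g_desc' => $desc];
}

// Constructed sample value containing markup, the kind of input the advisory's
// detection section watches for.
$stored = ['g_desc' => '<script>test</script>'];
echo render_group_field_vulnerable($stored), "\n"; // markup reaches the browser unchanged
echo render_group_field_hardened($stored), "\n";   // value="&lt;script&gt;test&lt;/script&gt;"

try {
    validate_group_input(['g_desc' => 'Network admins (EU)']);   // accepted
    validate_group_input(['g_desc' => '<script>test</script>']); // rejected
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Both layers are worth keeping: validation limits what is stored, and output encoding protects the page even if a value reaches the database by another path (an import, an older record, a different form).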

🧯 If You Can't Patch

  • Restrict access to the admin group editing interface using network segmentation or firewall rules
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check whether your phpipam version is 1.6; in that version the file app/admin/groups/edit-group.php lacks proper input validation.

Check Version:

grep 'version' /path/to/phpipam/functions/classes/class.Common.php | grep -o '[0-9]\.[0-9]'

Verify Fix Applied:

Test the group editing functionality with XSS payloads and verify they are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to edit-group.php with script tags or JavaScript payloads
  • Multiple failed login attempts followed by group editing requests

Network Indicators:

  • HTTP requests containing script tags or JavaScript in group editing parameters

SIEM Query:

source="phpipam_logs" AND (uri="/app/admin/groups/edit-group.php" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:"))
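The log indicators and the SIEM query above can be checked offline with a small scanner. The following is an added example rather than anything shipped with phpipam; it assumes a constructed log format of `<ip> <method> <uri> <body>` on each line (most web servers do not log POST bodies by default, so this presumes a reverse proxy or WAF that records them):

```php
<?php
// Added example, not phpipam code. Log format is a constructed assumption:
// "<client-ip> <method> <uri> <request-body>".

function is_suspicious_request(string $line): bool
{
    if (!preg_match('/^(\S+) (\S+) (\S+)(?: (.*))?$/', $line, $m)) {
        return false; // not a line in the assumed format
    }
    $method = $m[2];
    $uri    = $m[3];
    $body   = $m[4] ?? '';

    if ($method !== 'POST' || !str_contains($uri, '/app/admin/groups/edit-group.php')) {
        return false;
    }

    // Decode and lowercase once so URL-encoded forms (%3Cscript%3E, JavaScript:)
    // match the same way as raw markup, which the plain CONTAINS query would miss.
    $decoded = strtolower(urldecode($body));
    return str_contains($decoded, '<script') || str_contains($decoded, 'javascript:');
}

function scan_log(array $lines): array
{
    return array_values(array_filter($lines, 'is_suspicious_request'));
}

// Constructed sample lines: one benign edit, one raw payload, one URL-encoded payload.
$sample = [
    '10.0.0.5 POST /app/admin/groups/edit-group.php g_name=netops&g_desc=Network+team',
    '10.0.0.9 POST /app/admin/groups/edit-group.php g_desc=<script>x</script>',
    '10.0.0.9 POST /app/admin/groups/edit-group.php g_desc=%3Cscript%3Ex%3C%2Fscript%3E',
    '10.0.0.7 GET /app/admin/groups/edit-group.php',
];

foreach (scan_log($sample) as $hit) {
    echo 'Suspicious: ', $hit, "\n"; // prints the second and third lines
}
```

Note that the page's query matches only the literal strings `<script>` and `javascript:`; decoding before matching, as this scanner does, also catches the URL-encoded form a browser actually submits.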
