CVE-2024-41356

4.7 MEDIUM

📋 TL;DR

phpipam 1.6 contains a cross-site scripting vulnerability in the firewall zone network editing interface. This allows attackers to inject malicious scripts that execute in victims' browsers when they visit the vulnerable page. Administrators using phpipam 1.6 for network management are affected.

💻 Affected Systems

Products:
  • phpipam
Versions: Version 1.6
Operating Systems: Any OS running phpipam
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the firewall zones editing interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator session hijacking leading to full application compromise, credential theft, or malware distribution to other users.

🟠 Likely Case

Session hijacking of authenticated users, defacement of the application interface, or credential harvesting.

🟢 If Mitigated

Limited to interface disruption if input validation and output encoding are properly implemented elsewhere.

🌐 Internet-Facing: MEDIUM - Exploitable if application is exposed to internet, but requires user interaction with malicious content.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to pivot within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities are commonly exploited with simple payloads, but this requires authenticated access to the specific interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issue #4146 for specific commit/fix version

Vendor Advisory: https://github.com/phpipam/phpipam/issues/4146

Restart Required: No

Instructions:

1. Check GitHub issue #4146 for the specific fix commit.
2. Apply the patch to app/admin/firewall-zones/zones-edit-network.php.
3. Verify proper input validation and output encoding are implemented.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize user input in the affected file.

Edit app/admin/firewall-zones/zones-edit-network.php to add proper input sanitization

Content Security Policy

all

Implement CSP headers to restrict script execution sources.

Add Content-Security-Policy header to web server configuration

🧯 If You Can't Patch

  • Restrict access to the firewall zones interface to only necessary administrators
  • Implement web application firewall rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check if running phpipam version 1.6 and review zones-edit-network.php for lack of input sanitization.

Check Version:

Check phpipam version in web interface or configuration files

Verify Fix Applied:

Test the firewall zones editing interface with XSS payloads to ensure they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to zones-edit-network.php with script tags or JavaScript code
  • Multiple failed authentication attempts followed by access to firewall zones

Network Indicators:

  • HTTP requests containing script tags or JavaScript in parameters to the vulnerable endpoint

SIEM Query:

web.url:*/zones-edit-network.php AND (http.method:POST AND (web.param:*<script* OR web.param:*javascript:*))
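The SIEM query above expressed as runnable detection logic, as an added example that is not part of this advisory and not phpipam code. It runs over a few constructed JSON-per-line request log entries (the field names ts, src, method, url and params are assumptions about the log format) and flags POST requests to zones-edit-network.php whose parameters contain a script tag or a javascript: scheme. Unlike the wildcard query, it URL-decodes the parameters first so that percent-encoded or double-encoded input is still matched.

```python
"""Detection logic mirroring the SIEM query: flag POSTs to
zones-edit-network.php whose parameters carry a <script tag or a
javascript: URL scheme. All log lines below are constructed samples."""
import json
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (JSON per line); field names are assumptions.
SAMPLE_LOG = """
{"ts":"2024-07-01T10:00:01Z","src":"10.0.0.5","method":"POST","url":"/app/admin/firewall-zones/zones-edit-network.php","params":"zone_id=3&description=%3Cscript%3Etest%3C%2Fscript%3E"}
{"ts":"2024-07-01T10:00:02Z","src":"10.0.0.5","method":"POST","url":"/app/admin/firewall-zones/zones-edit-network.php","params":"zone_id=3&description=core+router+zone"}
{"ts":"2024-07-01T10:00:03Z","src":"10.0.0.7","method":"GET","url":"/app/admin/firewall-zones/zones-edit-network.php","params":"zone_id=%3CSCRIPT%3E"}
{"ts":"2024-07-01T10:00:04Z","src":"10.0.0.9","method":"POST","url":"/app/admin/firewall-zones/zones-edit-network.php","params":"zone_id=4&link=JavaScript%3Avoid(0)"}
{"ts":"2024-07-01T10:00:05Z","src":"10.0.0.9","method":"POST","url":"/app/admin/subnets/edit.php","params":"name=%3Cscript%3E"}
""".strip()

TARGET_PATH = "zones-edit-network.php"
# Case-insensitive, matching the two indicators named in the SIEM query.
SCRIPT_RE = re.compile(r"<script|javascript:", re.IGNORECASE)


def decode_params(raw: str) -> str:
    """URL-decode up to three rounds so double-encoded input is still matched."""
    decoded = raw
    for _ in range(3):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def is_suspicious(event: dict) -> bool:
    """True when the event is a POST to the affected endpoint with a script indicator."""
    if event.get("method") != "POST":
        return False
    if not event.get("url", "").endswith(TARGET_PATH):
        return False
    return bool(SCRIPT_RE.search(decode_params(event.get("params", ""))))


def scan_log(text: str) -> list[dict]:
    """Parse JSON lines and return one hit dict per suspicious request."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than abort the scan
        if is_suspicious(event):
            match = SCRIPT_RE.search(decode_params(event["params"]))
            hits.append({
                "ts": event["ts"],
                "src": event["src"],
                "indicator": match.group(0).lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Of the five constructed lines, only the first (encoded script tag) and fourth (mixed-case javascript: scheme) are flagged; the GET request and the request to a different endpoint are ignored, as in the original query. Feed real request logs through scan_log after mapping their fields onto the assumed names.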
