Lucene search

@huntrdevCVE-2023-0676

HistoryFeb 04, 2023 - 1:15 p.m.

CVE-2023-0676

2023-02-0413:15:12

CWE-79

@huntrdev

web.nvd.nist.gov

cve

2023

0676

cross-site scripting

xss

github

phpipam

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.

Affected configurations

Nvd

Node

phpipamphpipamRange<1.5.1

VendorProductVersionCPE
phpipamphpipam*cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpipam	phpipam	*	cpe:2.3:a:phpipam:phpipam::::::::

CNA Affected

[
  {
    "vendor": "phpipam",
    "product": "phpipam/phpipam",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.5.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec

huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2023-0676