Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310126379HistoryMar 09, 2023 - 12:00 a.m.
phpIPAM < 1.5.2 XSS Vulnerability
2023-03-0900:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
6
phpipam
xss
vulnerability
cross-site scripting
update
version 1.5.2
security issue
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.02
Percentile
89.1%
phpIPAM is prone to a cross-site scripting (XSS)
vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:phpipam:phpipam";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126379");
script_version("2023-10-13T05:06:10+0000");
script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-03-09 10:28:10 +0000 (Thu, 09 Mar 2023)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-03-14 19:18:00 +0000 (Tue, 14 Mar 2023)");
script_cve_id("CVE-2023-24657");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("phpIPAM < 1.5.2 XSS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_phpipam_http_detect.nasl");
script_mandatory_keys("phpipam/detected");
script_tag(name:"summary", value:"phpIPAM is prone to a cross-site scripting (XSS)
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Reflected cross-site scripting is executed by exploiting
parameter 'closeClass'.");
script_tag(name:"affected", value:"phpIPAM prior to version 1.5.2.");
script_tag(name:"solution", value:"Update to version 1.5.2 or later.");
script_xref(name:"URL", value:"https://github.com/phpipam/phpipam/issues/3738");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "1.5.2")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.5.2", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
References
Related
nvd
nvd
CVE-2023-24657
2023-03-08 06:15:44
cve
cve
CVE-2023-24657
2023-03-08 06:15:44
prion
prion
Cross site scripting
2023-03-08 06:15:00
cvelist
cvelist
CVE-2023-24657
2023-03-08 00:00:00
osv
osv
CVE-2023-24657
2023-03-08 06:15:44
nuclei
nuclei
phpIPAM - 1.6 - Cross-Site Scripting
2023-03-31 11:28:24
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.02
Percentile
89.1%
Related for OPENVAS:1361412562310126379