501 matches found
CVE-2023-0677 Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...
CVE-2023-0676 Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1...
Improper authorization
Description: In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets, which contains sensitive information such as subnet descriptions, IP ranges, and usage rates, via the findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify i...
Cross Site Scripting (XSS) Reflected
Description: Reflected cross-site scripting (XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept: https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in line 94-9...
phpIPAM < 1.5.0 Multiple Vulnerabilities
phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpipam:phpipam"; if(description)...
CVE-2022-3845
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...
Cross site scripting
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2022-3845 phpipam Import Preview import-load-data.php cross site scripting
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2022-3845
CVE-2022-3845 affects phpIPAM, specifically the Import Preview Handler. The vulnerability concerns an unknown functionality in the file app/admin/import-export/import-load-data.php which can be manipulated to trigger cross-site scripting (XSS). It is exploitable remotely and is tied to the phpIPA...
phpIPAM cross-site scripting vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A security vulnerability exists in phpIPAM that stems from a cross-site scripting issue with unknown functionality in the app/admin/import-export/import-load-data.php file of the Import Preview Handler component...
phpIPAM header injection vulnerability
phpIPAM is an open source PHP and MySQL-based IP address management (IPAM) application. phpIPAM version 1.5.0 is vulnerable to header injection, which stems from a lack of validation of input data in the component /admin/subnets/ripe-query.php, and can be exploited by attackers to cause header injection...
phpIPAM <= 1.5.2 SSRF Vulnerability
phpIPAM is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2022-41443
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...
Design/Logic Flaw
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...
CVE-2022-41443
CVE-2022-41443 affects phpIPAM 1.5.0, where the vulnerability exists in the component /admin/subnets/ripe-query.php. The root cause is header injection due to inadequate input validation, enabling attackers to inject/modify HTTP headers. The NVD entry lists a high-severity impact (C/H, I/H, A/H) ...