CVE-2021-35438

phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator...

Cross site scripting

phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator...

CVE-2021-35438

phpIPAM 1.4.3 is vulnerable to a reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php (IP Calculator). The CVE-2021-35438 entry is corroborated by multiple sources (NVD, Red Hat, CNVD, OSV, CVE lists) noting a reflected XSS vulnerability in this specifi...

CVE-2021-35438

phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator...

PT-2021-20911

Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.4.3 Description: The issue allows for Reflected XSS via the IP calculator, specifically through the app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php endpoints. Recommendations: For phpIPAM versi...

phpIPAM 跨站脚本漏洞

phpIPAM is a PHP-based open source ip address management software. A reflected cross-site scripting vulnerability exists in phpIPAM version 1.4.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via app/dashboard/widgets/ipcalc-result.php and...

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

1.42.027-alt1 built Oct. 21, 2020 Alexey Shabalin in task 260176 Oct. 19, 2020 Alexey Shabalin - snapshot of 1.4 branch 0c66d2335a9dd13006c83ed64ae565a4a3cb7f0c - Update jQuery to address three CVE Vulnerabilities - Fixes: + CVE-2020-11022 + CVE-2020-11023 + CVE-2019-11358...

phpIPAM < 1.4.2 XSS Vulnerability

phpIPAM is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam";...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

Cross site scripting

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

CVE-2020-13225 affects phpIPAM 1.4 and is a stored cross-site scripting (XSS) vulnerability in the Edit User Instructions field of the User Instructions widget. The issue arises from insufficient input validation, allowing injected scripts to be stored and potentially executed in the context of t...

phpIPAM cross-site scripting vulnerability (CNVD-2020-34452)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in phpIPAM version 1.4. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerabili...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

Cross site request forgery (csrf)

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVE-2020-7988

The vulnerability CVE-2020-7988 affects phpIPAM 1.4, where tools/pass-change/result.php is exploitable via CSRF to change passwords for any user/admin due to no requirement to supply the old password and absence of security tokens. This can lead to privilege escalation and access to additional da...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

phpIPAM 1.4 SQL Injection

!/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...