
27 matches found

RedhatCVE
added 2026/01/09 12:17 p.m. · 4 views

CVE-2018-10329

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.0024
Exploits: 0 · References: 1

Vulnrichment
added 2025/12/09 12:0 a.m. · 1 views

CVE-2025-61078

Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

AI score 5.6 · EPSS 0.00031
Exploits: 0 · References: 2

Positive Technologies
added 2025/12/08 12:0 a.m. · 2 views

PT-2025-49557

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...

AI score 7 · EPSS 0.00123
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-2049

Malware in sbrugna...

CVSS 5.4 · AI score 6.5 · EPSS 0.00344
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-2048

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00281
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-7077

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4.8 · EPSS 0.00144
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/23 7:22 a.m. · 6 views

CVE-2024-41356

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php...

CVSS 4.7 · AI score 6.1 · EPSS 0.00415
Exploits: 1 · References: 1

OSV
added 2025/03/20 10:15 a.m. · 6 views

CVE-2024-10721

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...

CVSS 5.4 · AI score 5.7
Exploits: 0 · References: 2

OSV
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-10720

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...

CVSS 6.1 · AI score 5.5
Exploits: 0 · References: 2

NVD
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-10718

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...

CVSS 7.5 · EPSS 0.00075
Exploits: 1 · References: 2

Vulnrichment
added 2025/03/20 10:10 a.m. · 7 views

CVE-2024-10727 Cross-Site Scripting (XSS) in phpipam/phpipam

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute...

CVSS 3.5 · AI score 4.1 · EPSS 0.00144
Exploits: 1 · References: 2

CVE
added 2025/03/20 10:10 a.m. · 44 views

CVE-2024-10722

The CVE-2024-10722 entry concerns phpIPAM (phpipam/phpipam) version 1.5.2, with a stored XSS vulnerability in the Description field of custom fields under IP RELATED MANAGEMENT. The root cause is an input handling issue that allows injection of malicious scripts, leading to potential data theft, ...

CVSS 5.4 · AI score 3.6 · EPSS 0.00144
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 21 views

CVE-2024-10724 Stored XSS in IPV6 Section in phpipam/phpipam

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0...

CVSS 3.5 · AI score 3.6 · EPSS 0.00144
Exploits: 1 · References: 2

Vulnrichment
added 2025/03/20 10:9 a.m. · 5 views

CVE-2024-10723 Stored XSS in phpipam/phpipam

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...

CVSS 3.5 · AI score 3.8 · EPSS 0.00144
Exploits: 1 · References: 2

Cvelist
added 2025/03/20 10:9 a.m. · 8 views

CVE-2024-10725 Stored Cross-site Scripting (XSS) in phpipam/phpipam

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT...

CVSS 3.5 · EPSS 0.00144
Exploits: 1 · References: 2

OSV
added 2024/11/15 11:15 a.m. · 5 views

CVE-2024-0787

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...

CVSS 5.9 · AI score 6.6 · EPSS 0.00026
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/26 12:0 a.m. · 1 views

PT-2024-5307 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpipam version 1.6. Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the app\admin\firewall-zones\zones-edit-network.php script in the phpipam web application for IP address management. The vulnerability...

CVSS 4.7 · AI score 5.3 · EPSS 0.00415
Exploits: 1 · References: 10

Positive Technologies
added 2024/07/26 12:0 a.m. · 1 views

PT-2024-5278 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpipam version 1.6. Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It exists due to insufficient protection of the web page structure in the app\admin\groups\edit-group.php script of the phpipam web application fo...

CVSS 7.1 · AI score 5.3 · EPSS 0.00283
Exploits: 1 · References: 11

Positive Technologies
added 2022/01/06 12:0 a.m. · 2 views

PT-2022-1466 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: PhpIPAM version 1.4.4. Description: The issue is related to the lack of protection against SQL query structure manipulation when handling the subnet parameter in the app/admin/routing/edit-bgp-mapping-search.php component of the phpipam web...

CVSS 8.5 · AI score 7.2 · EPSS 0.48978
Exploits: 7 · References: 14

Positive Technologies
added 2021/06/23 12:0 a.m. · 0 views

PT-2021-20911

Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.4.3. Description: The issue allows for Reflected XSS via the IP calculator, specifically through the app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php endpoints. Recommendations: For phpIPAM versi...

CVSS 6.1 · AI score 6.1 · EPSS 0.00447
Exploits: 1 · References: 5