
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Sep 2023 — A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Mar 2023 — phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. • https://github.com/phpipam/phpipam/issues/3738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2023 — SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. • https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. • https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 72% • CPEs: 1 • EXPL: 1

04 Feb 2023 — Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. • https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4 • CWE-862: Missing Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Nov 2022 — A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. • https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Oct 2022 — phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. • https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Apr 2022 — Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. • https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 • CWE-266: Incorrect Privilege Assignment