CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

31 Mar 2025 — phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. • https://github.com/phpipam/phpipam/commit/d0caaeba885364fd0521f094511c5d7b11f9da8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Nov 2024 — A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by... • https://github.com/phpipam/phpipam/commit/50e36b9e4fff5eaa51dc6e42bc684748da378002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Nov 2024 — phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0... • https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Aug 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. • https://github.com/phpipam/phpipam/issues/4148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php. • https://github.com/phpipam/phpipam/issues/4147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php. • https://github.com/phpipam/phpipam/issues/4150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. • https://github.com/phpipam/phpipam/issues/4151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. • https://github.com/phpipam/phpipam/issues/4146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2024 — phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. • https://github.com/phpipam/phpipam/issues/4149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

02 Oct 2023 — Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. • https://github.com/ehtec/phpipam-exploit • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')