
CVE-2024-55093
https://notcve.org/view.php?id=CVE-2024-55093
31 Mar 2025 — phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. • https://github.com/phpipam/phpipam/commit/d0caaeba885364fd0521f094511c5d7b11f9da8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-41580
https://notcve.org/view.php?id=CVE-2023-41580
02 Oct 2023 — Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. • https://github.com/ehtec/phpipam-exploit • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2023-4965 – phpipam Header redirect
https://notcve.org/view.php?id=CVE-2023-4965
14 Sep 2023 — A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-24657
https://notcve.org/view.php?id=CVE-2023-24657
08 Mar 2023 — phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. • https://github.com/phpipam/phpipam/issues/3738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1211 – SQL Injection in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-1211
06 Mar 2023 — SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-1212 – Cross-site Scripting (XSS) - Stored in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-1212
06 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0676 – Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-0676
04 Feb 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. • https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0677 – Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-0677
04 Feb 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. • https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0678 – Missing Authorization in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-0678
04 Feb 2023 — Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. • https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4 • CWE-862: Missing Authorization •

CVE-2022-3845 – phpipam Import Preview import-load-data.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3845
02 Nov 2022 — A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. • https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization •