Phpipam
Monthly
SQL injection in phpIPAM versions up to 1.7.4 allows authenticated administrators to manipulate the subnetOrdering parameter in the Section Handler component, enabling remote database compromise. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required.
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SQL injection in phpIPAM versions up to 1.7.4 allows authenticated administrators to manipulate the subnetOrdering parameter in the Section Handler component, enabling remote database compromise. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required.
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.