CVE-2019-1000010

Опубликовано: 04 фев. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.

Ссылки

https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c
Patch
Third Party Advisory
https://github.com/phpipam/phpipam/issues/2327
Exploit
Issue Tracking
Third Party Advisory
https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c
Patch
Third Party Advisory
https://github.com/phpipam/phpipam/issues/2327
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*

Версия до 1.3.2 (включая)

EPSS

Процентиль: 45%

0.00223

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-1000010

CVSS3: 6.1

debian

около 7 лет назад

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...

GHSA-598p-ff2g-5p9p

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 45%

0.00223

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79