Описание
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
Ссылки
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpipam:phpipam:1.4.4:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00328
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
debian
около 4 лет назад
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...
github
около 4 лет назад
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
EPSS
Процентиль: 55%
0.00328
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79