Описание
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.
Ссылки
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
8.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0.
EPSS
8.2 High
CVSS3
6.1 Medium
CVSS3