Cross Site Scripting Flaw in phpIPAM by phpipam
CVE-2018-1000860

4.7MEDIUM

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 20 December 2018

What is CVE-2018-1000860?

The phpIPAM application contains a Cross Site Scripting vulnerability due to improper handling of the phpipamredirect cookie value. When the value is manipulated, it can be exploited to execute arbitrary code in the browser of a victim accessing the login page. Exploitation requires the attacker to set or modify a cookie for the phpIPAM instance's domain, potentially chaining this attack with other vulnerabilities.

References

https://github.com/phpipam/phpipam/issues/2338

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2018
Vulnerability Reserved
Nov 29, 2018

PHPipam

What is CVE-2018-1000860?

References

CVSS V3.1

Timeline