Cross Site Scripting Vulnerability in phpIPAM by phpIPAM
CVE-2019-1000010

6.1MEDIUM

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 4 February 2019

What is CVE-2019-1000010?

phpIPAM versions up to and including 1.3.2 are susceptible to a Cross Site Scripting (XSS) vulnerability found in the subnet-scan-telnet.php file. This security flaw could enable an attacker to execute arbitrary code in the browser of users who visit a specially crafted link. It is advised that users upgrade to version 1.4 or later to mitigate this risk.

References

https://github.com/phpipam/phpipam/issues/2327

x_refsource_MISC

https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c30...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2019
Vulnerability Reserved
Jan 15, 2019

PHPipam

What is CVE-2019-1000010?

References

CVSS V3.1

Timeline