Stored Cross-Site Scripting Vulnerability in phpIPAM by phpIPAM Team
CVE-2020-13225

4.8MEDIUM

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 20 May 2020

What is CVE-2020-13225?

The phpIPAM 1.4 application is affected by a stored cross-site scripting vulnerability that arises from improper validation of user input in the Edit User Instructions field. This security flaw allows attackers to inject malicious scripts into user instructions, which can then be executed in the browsers of unsuspecting users accessing the affected application. As a result, sensitive information may be compromised, and user trust could be undermined. It is imperative for users to apply necessary patches and stay informed on the latest security updates.

References

https://github.com/phpipam/phpipam/issues/3025

x_refsource_MISC

https://www.youtube.com/watch?v=SpFmM03Jl40

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 20, 2020
Vulnerability Reserved
May 20, 2020

PHPipam

What is CVE-2020-13225?

References

CVSS V3.1

Timeline