Reflected XSS Vulnerability in phpIPAM by phpIPAM
CVE-2021-35438

6.1MEDIUM

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 23 June 2021

What is CVE-2021-35438?

A reflected XSS vulnerability exists in phpIPAM version 1.4.3, which can be exploited through specially crafted requests to endpoints such as app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php. This vulnerability allows attackers to inject malicious scripts into the web pages, potentially leading to session hijacking, data theft, or further exploitation of users' web sessions.

References

https://github.com/phpipam/phpipam/issues/3351

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Jun 23, 2021

PHPipam

What is CVE-2021-35438?

References

CVSS V3.1

Timeline