Reflected XSS and CSRF in phpIPAM by phpIPAM
CVE-2021-46426

6.1 MEDIUM

Key Information:

Vendor: PHPipam

Status
Vendor
CVE Published: 25 March 2022

What is CVE-2021-46426?

A vulnerability in phpIPAM version 1.4.4 enables attackers to exploit reflected cross-site scripting (XSS) and cross-site request forgery (CSRF) through the subnets functionality. This can allow unauthorized access and manipulation of sensitive data, making it imperative for users to implement security measures and updates to mitigate potential risks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
