XSS vulnerability in phpipam affects import features
CVE-2022-1226
What is CVE-2022-1226?
A Cross-Site Scripting (XSS) issue exists in the phpipam web application affecting versions before 1.4.7. This vulnerability enables an attacker to upload specially crafted spreadsheet files, allowing the execution of arbitrary JavaScript code in the browsers of users. Key endpoints that are susceptible include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The exploitation of this vulnerability can lead to severe consequences, including alteration of website content, execution of harmful scripts, unauthorized access to sensitive user information such as cookies, and breach of user accounts.
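The bug class described above comes down to spreadsheet cell values reaching the preview page's HTML without output encoding. The following is an added example, not code from phpipam or from this advisory: the function names (`escape_cell`, `render_preview`) and the sample rows are hypothetical, and it renders the same constructed data once unescaped and once with every cell HTML-encoded.

```php
<?php
// Added illustration: hypothetical names, not phpipam's own code.

/** Encode one spreadsheet cell for use as HTML text content. */
function escape_cell($value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render parsed spreadsheet rows as an HTML preview table.
 * $escape = false reproduces the vulnerable pattern (raw cell output);
 * $escape = true encodes header and data cells alike.
 */
function render_preview(array $header, array $rows, bool $escape = true): string
{
    $cell = $escape ? 'escape_cell' : 'strval';
    $html = "<table>\n<tr>";
    foreach ($header as $h) {
        // Header names also come from the uploaded file, so treat them as untrusted.
        $html .= '<th>' . $cell($h) . '</th>';
    }
    $html .= "</tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $v) {
            $html .= '<td>' . $cell($v) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample: rows as a spreadsheet parser might return them.
$header = ['number', 'name', 'description'];
$rows = [
    ['10', 'users', 'Office LAN'],
    ['20', 'guest', '<script>alert(1)</script>'],
];

echo "--- unescaped (vulnerable pattern) ---\n", render_preview($header, $rows, false);
echo "--- escaped (hardened) ---\n", render_preview($header, $rows, true);
```

In the escaped output the second row's description appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as text instead of executing.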

Affected Version(s)
phpipam/phpipam < 1.4.7
