Vulnerabilities > Phpipam > Phpipam > 1.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-31 | CVE-2024-55093 | Cross-site Scripting vulnerability in PHPipam phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. | 4.7 |
| 2025-03-20 | CVE-2024-10719 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. | 5.4 |
| 2025-03-20 | CVE-2024-10720 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. | 6.1 |
| 2025-03-20 | CVE-2024-10722 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. | 5.4 |
| 2025-03-20 | CVE-2024-10723 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. | 5.4 |
| 2025-03-20 | CVE-2024-10724 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. | 5.4 |
| 2025-03-20 | CVE-2024-10725 | Cross-site Scripting vulnerability in PHPipam A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. | 5.4 |
| 2024-11-15 | CVE-2022-1226 | Unspecified vulnerability in PHPipam A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. | 4.8 |
| 2024-11-15 | CVE-2024-0787 | Unspecified vulnerability in PHPipam phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. | 5.9 |
| 2023-10-02 | CVE-2023-41580 | Injection vulnerability in PHPipam Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. | 7.5 |