Vulnerabilities > Phpipam > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1223 | Unspecified vulnerability in PHPipam Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | 6.5 |
| 2022-04-04 | CVE-2022-1224 | Incorrect Authorization vulnerability in PHPipam Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | 6.5 |
| 2022-04-04 | CVE-2022-1225 | Unspecified vulnerability in PHPipam Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | 6.5 |
| 2022-03-25 | CVE-2021-46426 | Cross-site Scripting vulnerability in PHPipam 1.4.4 phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | 6.1 |
| 2022-01-19 | CVE-2022-23045 | Cross-site Scripting vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. | 4.8 |
| 2021-06-23 | CVE-2021-35438 | Cross-site Scripting vulnerability in PHPipam 1.4.3 phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | 6.1 |
| 2020-05-20 | CVE-2020-13225 | Cross-site Scripting vulnerability in PHPipam 1.4 phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. | 4.8 |
| 2019-02-04 | CVE-2019-1000010 | Cross-site Scripting vulnerability in PHPipam phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. | 6.1 |
| 2018-12-20 | CVE-2018-1000870 | Cross-site Scripting vulnerability in PHPipam PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. | 5.4 |
| 2018-12-20 | CVE-2018-1000860 | Cross-site Scripting vulnerability in PHPipam phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. | 4.7 |