CVE-2025-61078
- EPSS 0.05%
- Published 09.12.2025 00:00:00
- Last modified 12.12.2025 12:26:38
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint.
CVE-2025-60912
- EPSS 0.11%
- Published 08.12.2025 00:00:00
- Last modified 10.12.2025 17:36:31
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump...
CVE-2024-55093
- EPSS 0.17%
- Published 31.03.2025 13:15:42
- Last modified 23.04.2025 18:32:54
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.
CVE-2024-10721
- EPSS 0.08%
- Published 20.03.2025 10:11:07
- Last modified 01.04.2025 20:35:45
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view th...
CVE-2024-10727
- EPSS 0.07%
- Published 20.03.2025 10:10:58
- Last modified 01.04.2025 20:35:36
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an uns...
CVE-2024-10720
- EPSS 0.08%
- Published 20.03.2025 10:10:32
- Last modified 28.05.2025 20:36:18
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Descript...
CVE-2024-10722
- EPSS 0.07%
- Published 20.03.2025 10:10:29
- Last modified 28.05.2025 20:35:42
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can l...
CVE-2024-10719
- EPSS 0.06%
- Published 20.03.2025 10:10:07
- Last modified 28.05.2025 20:34:18
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the 'option' parameter in the POST request to...
CVE-2024-10718
- EPSS 0.05%
- Published 20.03.2025 10:10:07
- Last modified 27.06.2025 15:29:49
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue ...
CVE-2024-10724
- EPSS 0.07%
- Published 20.03.2025 10:09:30
- Last modified 28.05.2025 20:34:37
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The ...