CVE-2018-1000860

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000860

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000860.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000860

Published

2018-12-20T17:29:00Z

Modified

2025-01-08T04:51:05.588359Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..

References

https://github.com/phpipam/phpipam/issues/2338

Affected packages

Git / github.com/phpipam/phpipam

Affected ranges

Type: GIT
Repo: https://github.com/phpipam/phpipam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d22e50224ad89ec31c329576a25ba6ec64903857

Affected versions

v1.*

v1.16.003

v1.19.008

v1.2.0

v1.2.0_beta2

v1.3.0

v1.3.2