CVE-2022-23045

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23045

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23045.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23045

Published

2022-01-19T21:15:09.077Z

Modified

2025-11-14T12:56:31.344087Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.

References

Affected packages

Git / github.com/phpipam/phpipam

Affected ranges

Type: GIT
Repo: https://github.com/phpipam/phpipam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e3d78a3c1e5b86e18bef86c65ab4f1976e294371

Affected versions

v1.*

v1.16.003

v1.19.008

v1.2.0

v1.2.0_beta2

v1.3.0

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23045.json"