Volerion logoVolerion
Volerion logoVolerion

phpipam Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in phpipam versions 1.5.0 prior to 1.6.0. This vulnerability allows attackers to inject and execute arbitrary JavaScript in the context of the user's browser. The issue arises because the application improperly sanitizes data received in HTTP requests, echoing it back in responses without adequate protection. Exploitation could lead to a complete compromise of the user's session.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute scripts in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to 'app/subnets/mail-notify-subnet-check.php' on a vulnerable phpipam installation. Include a 'recipients' parameter with a script payload, such as '<script>alert(1)</script>'. The injected script will be executed in the user's browser, demonstrating the cross-site scripting vulnerability.

Remediation

Users can upgrade to phpipam version 1.7.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.0
impact
1.7
exploitability
7.7
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.