CVE-2022-23045

Summary

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.

Affected Software

VendorProductVersion RangeStatus
n/aPhpIPAM1.4.4affected

Weaknesses

  • Stored cross-site scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References