Vulnerability Description
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpipam | Phpipam | <= 1.3.2 |
Related Weaknesses (CWE)
References
- https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c3PatchThird Party Advisory
- https://github.com/phpipam/phpipam/issues/2327ExploitIssue TrackingThird Party Advisory
- https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c3PatchThird Party Advisory
- https://github.com/phpipam/phpipam/issues/2327ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2019-1000010?
CVE-2019-1000010 is a vulnerability with a CVSS score of 6.1 (MEDIUM). phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploita...
How severe is CVE-2019-1000010?
CVE-2019-1000010 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1000010?
Check the references section above for vendor advisories and patch information. Affected products include: Phpipam Phpipam.