CVE-2018-1000860
Last modified
CVE-2018-1000860 is a vulnerability of currently unknown severity. phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpipam | Phpipam | <= 1.3.2 |
References
- https://github.com/phpipam/phpipam/issues/2338Exploit, Patch, Third Party Advisory
- https://github.com/phpipam/phpipam/issues/2338Exploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000860?
How severe is CVE-2018-1000860?
How do I fix CVE-2018-1000860?
Are you affected by CVE-2018-1000860?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST