Vulnerability CVE-2023-0677: Information

Description

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-0677

Published: Feb. 4, 2023

Modified: Feb. 12, 2023

Error type identifier: CWE-79

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
phpipam	sisyphus	1.26.050-alt1	1.6.0-alt1	ALT-PU-2016-2512-1	175599	Fixed
phpipam	sisyphus_e2k	1.5.2-alt1	1.6.0-alt1	ALT-PU-2023-3558-1	-	Fixed
phpipam	p10	1.5.2-alt1	1.5.2-alt1	ALT-PU-2023-1837-1	320640	Fixed
phpipam	p10_e2k	1.5.2-alt1	1.5.2-alt1	ALT-PU-2023-3623-1	-	Fixed
phpipam	p9	1.26.050-alt1	1.45.031-alt1	ALT-PU-2016-2512-1	175599	Fixed
phpipam	p8	1.30.000-alt1.M80P.1	1.32.004-alt1	ALT-PU-2017-1747-1	184304	Fixed
phpipam	c10f1	1.5.2-alt1	1.46.031-alt1	ALT-PU-2023-1837-1	320640	Fixed
phpipam	c9f2	1.26.050-alt1	1.40.000-alt3	ALT-PU-2016-2512-1	175599	Fixed

Hyperlink	Resource
https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0	Exploit Patch Third Party Advisory
https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89	Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*
  End excliding
  1.5.1

Version: v24.4.2