CVE-2015-6529

Name of the Vulnerable Software and Affected Versions phpipam version 1.1.010

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the section parameter to "site/error.php" or the ip parameter to "site/tools/searchResults.php".

Recommendations For phpipam version 1.1.010, as a temporary workaround, consider restricting access to the "site/error.php" and "site/tools/searchResults.php" endpoints until a patch is available. Avoid using the section and ip parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.