CVE-2017-6481

Name of the Vulnerable Software and Affected Versions phpipam version 1.2

Description Multiple Cross-Site Scripting (XSS) issues were discovered due to insufficient filtration of user-supplied data. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The vulnerabilities exist in several pages, including instructions in app/admin/instructions/preview.php and subnetId in app/admin/powerDNS/refresh-ptr-records.php.

Recommendations For phpipam version 1.2, as a temporary workaround, consider restricting access to the app/admin/instructions/preview.php and app/admin/powerDNS/refresh-ptr-records.php pages until a patch is available. Avoid using the instructions and subnetId variables in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.