Phpipam · Phpipam · CVE-2021-46426
**Name of the Vulnerable Software and Affected Versions**
phpIPAM version 1.4.4
**Description**
The issue allows for Reflected XSS and CSRF attacks via the "app/admin/subnets/find free section subnets.php" endpoint of the subnets functionality.
**Recommendations**
For phpIPAM version 1.4.4, consider disabling access to the "app/admin/subnets/find free section subnets.php" endpoint until a patch is available. Restrict the use of the subnets functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.