CVE-2021-46426

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.4.4

Description The issue allows for Reflected XSS and CSRF attacks via the "app/admin/subnets/find free section subnets.php" endpoint of the subnets functionality.

Recommendations For phpIPAM version 1.4.4, consider disabling access to the "app/admin/subnets/find free section subnets.php" endpoint until a patch is available. Restrict the use of the subnets functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.