CVE-2022-23045

Name of the Vulnerable Software and Affected Versions PhpIPAM version 1.4.4

Description The issue allows an authenticated admin user to inject persistent JavaScript code inside the Site title parameter while updating the site settings. This setting is injected in several locations, which triggers the XSS.

Recommendations For PhpIPAM version 1.4.4, avoid using the Site title parameter in site settings until the issue is resolved. As a temporary workaround, consider restricting access to site settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.