VYPR
Medium severity4.8NVD Advisory· Published Jan 19, 2022· Updated Jun 17, 2026

CVE-2022-23045

CVE-2022-23045

Description

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Phpipam/Phpipamcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=1.4.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.