CVE-2022-3845

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3845

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3845.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3845

Published

2022-11-02T20:15:11.537Z

Modified

2025-11-20T12:09:18.394900Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.

References

Affected packages

Git / github.com/phpipam/phpipam

Affected ranges

Type: GIT
Repo: https://github.com/phpipam/phpipam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22c797c3583001211fe7d31bccd3f1d4aeeb3bbc

Fixed

f8c651de07f9cb48f93feb76386ac5b54b404e81

Affected versions

v1.*

v1.16.003

v1.19.008

v1.2.0

v1.2.0_beta2

v1.3.0

v1.3.2

v1.4.0