{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T14:34:31.623","vulnerabilities":[{"cve":{"id":"CVE-2022-23045","sourceIdentifier":"help@fluidattacks.com","published":"2022-01-19T21:15:09.077","lastModified":"2026-06-17T04:29:24.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site title\" parameter while updating the site settings. The \"Site title\" setting is injected in several locations which triggers the XSS."},{"lang":"es","value":"PhpIPAM versión v1.4.4, permite a un usuario administrador autenticado inyectar código JavaScript persistente dentro del parámetro \"Site title\" mientras es actualizada la configuración del sitio. El parámetro \"Site title\" es inyectado en varias ubicaciones que desencadenan el ataque de tipo XSS"}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"n/a","product":"PhpIPAM","versions":[{"version":"1.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpipam:phpipam:1.4.4:*:*:*:*:*:*:*","matchCriteriaId":"8740D50B-34B1-44D3-B6CF-93047F04D587"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/osbourne/","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/phpipam/phpipam/releases/tag/v1.4.5","source":"help@fluidattacks.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://fluidattacks.com/advisories/osbourne/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/phpipam/phpipam/releases/tag/v1.4.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}