Headline
CVE-2023-24657: Reflected XSS at /app/tools/subnet-masks/popup.php · Issue #3738 · phpipam/phpipam
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
phpipam 1.6 (looking at the changelog, tested on 1.5 demo at https://demo.phpipam.net/login/timeout/) has a reflected cross-site scripting vulnerability that is executed by exploiting parameter 'closeClass’.
<!-- footer -->
<div class="pFooter">
<div class="btn-group">
<button class="btn btn-sm btn-default <?php print @$_REQUEST['closeClass']; ?>"><?php print _('Close'); ?></button>
</div>
</div>
<!-- footer -->
<div class="pFooter">
<div class="btn-group">
<button class="btn btn-sm btn-default "><script>alert("XSS")</script>">Close</button>
</div>
</div>