phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13225
Reference (s):
- https://github.com/phpipam/phpipam/issues/3025
- https://www.youtube.com/watch?v=SpFmM03Jl40