phpipam v1.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
phpipam phpipam 1.6