CVE-2019-13239 — Cross-site Scripting in Glpi

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 4

Latest updateMay 24

Description

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDglpi-project/glpi9.1 — 9.4.3

GHSA

GHSA-jp2v-hj27-h3hw: inc/user↗2022-05-24

▶

OSV

CVE-2019-13239: inc/user↗2019-07-04

▶

Bugzilla

CVE-2019-13239 glpi: XSS via user picture in inc/user.class.php [epel-7]↗2019-07-08

▶

Bugzilla

CVE-2019-13239 glpi: XSS via user picture in inc/user.class.php↗2019-07-08

▶

Bugzilla

CVE-2019-13239 glpi: XSS via user picture in inc/user.class.php [fedora-all]↗2019-07-08

▶