CVE-2020-11036 — Cross-site Scripting in Glpi
Severity: 5.4 MEDIUM (NVD)
EPSS: 0.8% (top 26.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published May 5; latest update May 11
Description
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to stored XSS in the comments of items in the Knowledge Base: adding a comment with content "alert(1)" reproduces the attack. The flaw can also be exploited through the User-Agent field by a user with administrator privileges. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `" onmouseover="alert(document.cookie)` and an empty first name. 2. W…
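The surname payload above works because the value is placed inside an HTML attribute without quote escaping, so the closing `"` ends the attribute and the rest becomes a new `onmouseover` handler. The following added example (not GLPI's code) shows the unsafe interpolation beside context-aware escaping, and uses Python's own HTML parser as a check that the escaped output yields no extra elements or event-handler attributes; the sample inputs are constructed from the payloads quoted in the advisory (the comment payload is assumed to carry `<script>` tags, which the advisory text has lost).

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs, modelled on the advisory's payloads.
SURNAME = '" onmouseover="alert(document.cookie)'
COMMENT = "<script>alert(1)</script>"  # assumed form of the "alert(1)" comment


def render_unsafe(surname: str, comment: str) -> str:
    """Interpolates untrusted fields directly (the pattern behind the CVE)."""
    return f'<a title="{surname}">user</a><p>{comment}</p>'


def render_safe(surname: str, comment: str) -> str:
    """Escapes per context: quote=True makes the value safe inside a
    double-quoted attribute, and &lt; &gt; &amp; stop the comment body
    from introducing markup. Neither field is allowed to stay raw."""
    attr = html.escape(surname, quote=True)
    body = html.escape(comment)
    return f'<a title="{attr}">user</a><p>{body}</p>'


class MarkupScanner(HTMLParser):
    """Records every element and every on* attribute a real parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def scan(markup: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Returns (element names, event-handler attributes) found in markup."""
    scanner = MarkupScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.tags, scanner.handlers


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        tags, handlers = scan(renderer(SURNAME, COMMENT))
        print(f"{label}: elements={tags} handlers={handlers}")
```

The unsafe rendering parses to an extra `script` element and an `onmouseover` handler on the anchor; the escaped rendering parses to only the two elements the template itself defines.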
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7
Affected packages: 1 package
Bugzilla references
Bugzilla (2020-05-11): CVE-2020-11036 glpi: XSS in the comments of items in the knowledge base and via the User-Agent for administrators
Bugzilla (2020-05-11): CVE-2020-11036 glpi: XSS in the comments of items in the knowledge base and via the User-Agent for administrators [epel-7]
Bugzilla (2020-05-11): CVE-2020-11036 glpi: XSS in the comments of items in the knowledge base and via the User-Agent for administrators [fedora-all]