CVE-2020-11062 — Cross-site Scripting in Glpi

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 58.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi Glpi

Timeline

PublishedMay 12

Description

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDglpi-project/glpi0.68.1 — 9.4.6

▶CVEListV5glpi/glpi> 0.68.1, < 9.4.6

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-11062: In GLPI after 0↗2020-05-12

▶