CVE-2022-39372Cross-site Scripting in Glpi

CWE-79Cross-site ScriptingCWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)2 documents2 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 47.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedNov 3

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDglpi-project/glpi0.7010.0.4
CVEListV5glpi-project/glpi>= 0.70, < 10.0.4

🔴Vulnerability Details

1
OSV
CVE-2022-39372: GLPI stands for Gestionnaire Libre de Parc Informatique2022-11-03