CVE-2022-39375Cross-site Scripting in Glpi

CWE-79Cross-site Scripting2 documents2 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 47.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedNov 3

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDglpi-project/glpi0.8410.0.4
CVEListV5glpi-project/glpi>= 0.84, < 10.0.4

🔴Vulnerability Details

1
OSV
CVE-2022-39375: GLPI stands for Gestionnaire Libre de Parc Informatique2022-11-03