CVE-2022-39376: Improper Input Validation in GLPI

Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 55.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 3

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Users may be able to inject custom field values into `mailto` links. This issue has been patched; upgrade to version 10.0.4. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | glpi-project/glpi | 0.65 | 10.0.4
CVEListV5 | glpi-project/glpi | >= 0.65, < 10.0.4

Vulnerability Details (1)

OSV | CVE-2022-39376: GLPI stands for Gestionnaire Libre de Parc Informatique | 2022-11-03