CVE-2024-47759 — Cross-site Scripting in Glpi

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.7MEDIUMNVD

EPSS

0.7%

top 28.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedNov 15

Description

GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDglpi-project/glpi9.2.0 — 10.0.17

▶CVEListV5glpi-project/glpi>= 9.2.0, < 10.0.17

🔴Vulnerability Details

OSV

CVE-2024-47759: GLPI is a free Asset and IT management software package↗2024-11-15

▶