Page 12 of 123 results (0.005 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. This issue is patched in 10.0.6. • https://github.com/glpi-project/glpi/security/advisories/GHSA-x9g4-j85w-cmff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6. GLPI es un paquete gratuito de software de gestión de TI y activos. • https://github.com/glpi-project/glpi/security/advisories/GHSA-f5g6-fxrw-pfj7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6. GLPI es un paquete gratuito de software de gestión de TI y activos. • https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4. GLPI significa Gestionnaire Libre de Parc Informatique. • https://github.com/glpi-project/glpi/security/advisories/GHSA-cw37-q82c-w546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. • https://github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •