Headline
CVE-2022-39277: XSS in external links
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.
Package
glpi (glpi)
Affected versions
>= 0.60
Patched versions
10.0.4
Description
Impact
External links are not properly sanitized and can therefore be used for XSS attack.
Patches
Upgrade to GLPI 10.0.4.
For more information
If you have any questions or comments about this advisory:
mail us at [email protected]
Severity
Moderate
4.5
/ 10
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
High
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CVE ID
CVE-2022-39277
Weaknesses
CWE-79 CWE-80
Credits
- W0rty