Headline
CVE-2022-24876
GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Kanban is a GLPI view that displays Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1, a user can exploit a cross-site scripting vulnerability in Kanban by injecting HTML code into their user name. Users are advised to upgrade. There are no known workarounds for this issue.
Stored XSS on Kanban
Moderate
trasher published GHSA-33g2-m556-gccr
Jun 9, 2022
Package
glpi (glpi)
Affected versions
10.0.0
Patched versions
10.0.1
Description
Impact
A user can exploit an XSS on Kanban by injecting HTML code into their user name.
Patches
Fixed in 10.0.1.
Severity
Moderate
CVE ID
CVE-2022-24876
Weaknesses
CWE-80