CVE-2021-3486

CVE-2021-3486

EPSS 1.4%CWE-79

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947653 https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS https://n3k00n3.github.io/blog/09042021/glpi_xss.html