Exposure of GLPI

CRM, Web frameworks

51

exposure score

131

sites use

0

exploited

8

critical

CVEs

163 results

CVE-2022-39276LOWBlind Server-Side Request Forgery (SSRF) in RSS feeds and planningEPSS 0.6%CVE-2021-21314MEDIUMXSS injection on ticket updateEPSS 0.6%CVE-2025-25192MEDIUMGLPI allows unauthorized access to debug modeEPSS 0.6%CVE-2023-28636MEDIUMGLPI vulnerable to stored Cross-site Scripting in external linksEPSS 0.6%CVE-2022-41941MEDIUMglpi contains XSS Stored inside Standard Interface Help Link href attributeEPSS 0.6%CVE-2023-37278MEDIUMGLPI vulnerable to SQL injection via dashboard administrationEPSS 0.6%CVE-2023-22724MEDIUMglpi contains XSS in RSS Description LinkEPSS 0.6%CVE-2022-31187MEDIUMStored Cross Site Scripting (XSS) through global search in GLPIEPSS 0.6%CVE-2023-35940HIGHGLPI vulnerable to unauthenticated access to Dashboard dataEPSS 0.6%CVE-2020-11062MEDIUMReflexive XSS in GLPIEPSS 0.5%CVE-2023-28852MEDIUMGLPI vulnerable to stored Cross-site Scripting through dashboard administrationEPSS 0.5%CVE-2022-39277MEDIUMCross-Site Scripting (XSS) in external links in GLPIEPSS 0.5%CVE-2024-41679MEDIUMAuthenticated SQL injection in ticket formEPSS 0.5%CVE-2024-45608MEDIUMGLPI has an Authenticated SQL InjectionEPSS 0.5%CVE-2021-39209HIGHBypassable CSRF protectionEPSS 0.5%CVE-2022-35945MEDIUMCross site scripting (XSS) via registration API in GLPIEPSS 0.5%CVE-2024-47761HIGHGLPI vulnerable to account takeover via the password reset featureEPSS 0.5%CVE-2022-39375MEDIUMCross-Site Scripting (XSS) through public RSS feed in GLPIEPSS 0.5%CVE-2023-28849CRITICALGLPI vulnerable to SQL injection and Stored XSS via inventory agent requestEPSS 0.5%CVE-2024-41678MEDIUMGLPI has multiple reflected XSSEPSS 0.5%

← previouspage 5 / 9next →

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →