← volver
CVE-2024-27104

Stored XSS in dashboards in GLPI

CVSS 4.5 MEDIUMEPSS 0.7%CWE-79
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Productos afectados
glpi-project · glpi

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65https://github.com/glpi-project/glpi/releases/tag/10.0.13https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj