First published: Thu Nov 03 2022(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=0.65<10.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
GLPI stands for Gestionnaire Libre de Parc Informatique, it is a free asset and IT management software package.
The vulnerability ID for GLPI is CVE-2022-39262.
The severity of CVE-2022-39262 is medium with a CVSS score of 4.8.
The GLPI administrator can define rich-text content to be displayed on the login page.
The displayed content on the GLPI login page can contain malicious code used to steal credentials.
Yes, updating to GLPI version 10.0.4 or newer can fix CVE-2022-39262.
You can find more information about CVE-2022-39262 on the official GLPI GitHub advisory and Huntr.dev page.
The CWE IDs related to this vulnerability are CWE-79 (Improper Neutralization of User-Controlled HTML Markup) and CWE-83 (Improper Neutralization of XSS)