First published: Thu Nov 03 2022(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=0.60<10.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package.
The vulnerability ID is CVE-2022-39277.
The severity of CVE-2022-39277 is medium with a CVSS score of 4.8.
The CWE ID of CVE-2022-39277 is CWE-79 and CWE-80.
CVE-2022-39277 affects GLPI versions 0.60 to 10.0.4 by allowing Cross-Site Scripting (XSS) attacks through unsanitized external links.