First published: Thu Nov 03 2022
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Users may be able to inject custom field values in `mailto` links. This issue has been patched; please upgrade to version 10.0.4. There are currently no known workarounds.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=0.65, <10.0.4 | |
CVE-2022-39376 is a vulnerability in GLPI, a Free Asset and IT Management Software, that allows users to inject custom field values in `mailto` links.
The severity of CVE-2022-39376 is medium, with a severity value of 6.5.
CVE-2022-39376 has been patched, so make sure to update your GLPI software to the latest version to fix the vulnerability.
GLPI stands for Gestionnaire Libre de Parc Informatique, which is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking, and software auditing.
The Common Weakness Enumeration (CWE) ID for CVE-2022-39376 is CWE-20.
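
The `mailto` injection described above is an input-validation problem (CWE-20): a stored value reaches the link without being validated or encoded. The Python sketch below is an added example, not GLPI's code or its patch; the function names, the address pattern and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Conservative address pattern (an assumption for this sketch, not GLPI's rule):
# it admits no '?', '&', '=', '%', whitespace or control characters.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def naive_mailto(address: str) -> str:
    """Weak pattern: the stored value is concatenated into the URI unchanged."""
    return "mailto:" + address


def encoded_mailto(address: str) -> str:
    """Percent-encode the value so '?', '&' and '=' stop acting as delimiters."""
    return "mailto:" + quote(address, safe="@")


def safe_mailto(address: str) -> str:
    """Hardened pattern: reject anything that is not a plain address, then encode."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError("not a plain e-mail address")
    return encoded_mailto(address)


def extra_fields(link: str) -> dict:
    """Return the header fields (cc, subject, body, ...) a mailto link carries."""
    parts = urlsplit(link)
    if parts.scheme != "mailto":
        raise ValueError("not a mailto link")
    return parse_qs(parts.query, keep_blank_values=True)


# Constructed sample values standing in for a user-editable e-mail field.
PLAIN = "helpdesk@example.org"
CRAFTED = "helpdesk@example.org?cc=other@example.net&subject=Preset"

if __name__ == "__main__":
    for value in (PLAIN, CRAFTED):
        print(value, "->", extra_fields(naive_mailto(value)))
    print("encoded ->", extra_fields(encoded_mailto(CRAFTED)))
```

`extra_fields` can also serve as an audit check over rendered pages or stored values: any `mailto` link built from a single address field that yields a non-empty result deserves review.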