Описание
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glpi | removed | package |
Примечания
Only supported behind an authenticated HTTP zone
https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
EPSS
Процентиль: 72%
0.00705
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 4 лет назад
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
CVSS3: 6.1
nvd
больше 4 лет назад
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
EPSS
Процентиль: 72%
0.00705
Низкий