CVE-2024-23645

Опубликовано: 01 фев. 2024

Источник: debian

EPSS Низкий

Описание

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.

Пакет	Статус	Версия исправления	Релиз	Тип
glpi	removed			package

https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x
https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0
https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a

EPSS

Процентиль: 68%

0.00583

Низкий

CVE-2024-23645

CVSS3: 6.5

ubuntu

больше 1 года назад

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.

CVE-2024-23645

CVSS3: 6.5

nvd

больше 1 года назад

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.

ROS-20240812-13

CVSS3: 8.1

redos

11 месяцев назад

Множественные уязвимости glpi

EPSS

Процентиль: 68%

0.00583

Низкий