Описание
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glpi | removed | package |
Примечания
https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj
https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65
EPSS
Связанные уязвимости
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.
Уязвимость системы работы с заявками и инцидентами GLPI, связанная c неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS