CVE-2020-11062

Опубликовано: 12 мая 2020

Источник: nvd

CVSS3: 6

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.

Ссылки

https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 0.68.1 (включая) до 9.4.6 (исключая)

EPSS

Процентиль: 42%

0.00195

Низкий

6 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-11062

CVSS3: 6

ubuntu

больше 5 лет назад

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.

CVE-2020-11062

CVSS3: 6

debian

больше 5 лет назад

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...

EPSS

Процентиль: 42%

0.00195

Низкий

6 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79