CVE-2024-27914

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 6.1

EPSS Низкий

Описание

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.

Ссылки

https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.13
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r
Vendor Advisory
https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.13
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 10.0.8 (включая) до 10.0.13 (исключая)

EPSS

Процентиль: 83%

0.01974

Низкий

5.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-27914

CVSS3: 5.3

ubuntu

больше 1 года назад

CVE-2024-27914

CVSS3: 5.3

debian

больше 1 года назад

GLPI is a Free Asset and IT Management Software package, Data center m ...

ROS-20240812-13

CVSS3: 8.1

redos

11 месяцев назад

Множественные уязвимости glpi

EPSS

Процентиль: 83%

0.01974

Низкий

5.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79