ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue.
| Π Π΅Π»ΠΈΠ· | Π‘ΡΠ°ΡΡΡ | ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΠ΅ |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
Π‘ΡΡΠ»ΠΊΠΈ Π½Π° ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΈ
EPSS
6.5 Medium
CVSS3
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue.
GLPI is a free asset and IT management software package. In versions p ...
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ ΡΠΈΡΡΠ΅ΠΌΡ Π·Π°ΡΠ²ΠΎΠΊ, ΠΈΠ½ΡΠΈΠ΄Π΅Π½ΡΠΎΠ² ΠΈ ΠΈΠ½Π²Π΅Π½ΡΠ°ΡΠΈΠ·Π°ΡΠΈΠΈ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ½ΠΎΠ³ΠΎ ΠΎΠ±ΠΎΡΡΠ΄ΠΎΠ²Π°Π½ΠΈΡ GLPI, ΡΠ²ΡΠ·Π°Π½Π½Π°Ρ Ρ Π½Π΅ΠΏΡΠΈΠ½ΡΡΠΈΠ΅ΠΌ ΠΌΠ΅Ρ ΠΏΠΎ Π·Π°ΡΠΈΡΠ΅ ΡΡΡΡΠΊΡΡΡΡ Π²Π΅Π±-ΡΡΡΠ°Π½ΠΈΡΡ, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡΡΠ°Ρ Π½Π°ΡΡΡΠΈΡΠ΅Π»Ρ Π²ΡΠΏΠΎΠ»Π½ΡΡΡ Π°ΡΠ°ΠΊΠΈ Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ ΠΌΠ΅ΠΆΡΠ°ΠΉΡΠΎΠ²ΠΎΠ³ΠΎ ΡΠΊΡΠΈΠΏΡΠΈΠ½Π³Π° (XSS)
ΠΠ½ΠΎΠΆΠ΅ΡΡΠ²Π΅Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ glpi
EPSS
6.5 Medium
CVSS3