CVE-2024-23645

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.
Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

History

07 Feb 2024, 20:54

Type Values Removed Values Added
First Time Glpi-project glpi
Glpi-project
References () https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x - () https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x - Vendor Advisory
References () https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a - () https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a - Patch
References () https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0 - () https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0 - Patch
References () https://github.com/glpi-project/glpi/releases/tag/10.0.12 - () https://github.com/glpi-project/glpi/releases/tag/10.0.12 - Patch, Release Notes
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

01 Feb 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-01 18:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-23645

Mitre link : CVE-2024-23645

CVE.ORG link : CVE-2024-23645


JSON object : View

Products Affected

glpi-project

  • glpi
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')