Lucene search

K
nvd[email protected]NVD:CVE-2023-22722
HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-22722

2023-01-2621:18:12
CWE-79
web.nvd.nist.gov
glpi
asset management
it management
cross-site scripting
cve-2023-22722
security vulnerability
url exploitation
session cookies
version 10.0.6 patch

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.3%

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.

Affected configurations

NVD
Node
glpi-projectglpiRange9.4.09.5.12
OR
glpi-projectglpiRange10.0.010.0.6

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.3%

Related for NVD:CVE-2023-22722