Lucene search

[email protected]NVD:CVE-2023-34244

HistoryJul 05, 2023 - 8:15 p.m.

CVE-2023-34244

2023-07-0520:15:10

CWE-79

[email protected]

web.nvd.nist.gov

glpi

software

cve-2023-34244

security

patch

upgrade

version

reflected xss

unauthenticated user

authenticated user

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

JSON

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.

Affected configurations

Nvd

Node

glpi-projectglpiRange9.4.0–10.0.8

VendorProductVersionCPE
glpi-projectglpi*cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glpi-project	glpi	*	cpe:2.3:a:glpi-project:glpi::::::::

References

github.com/glpi-project/glpi/releases/tag/10.0.8

github.com/glpi-project/glpi/security/advisories/GHSA-p93p-pwg9-w95w

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

JSON

Related for NVD:CVE-2023-34244

prion1 ubuntucve1 cvelist1 freebsd1 osv1 cve1 redos1