Lucene search
Redhat.comRH:CVE-2020-15177HistoryMay 20, 2022 - 10:54 p.m.
CVE-2020-15177
2022-05-2022:54:11
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
29.3%
In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.
Related
nessus
nessus
ubuntucve
ubuntucve
CVE-2020-15177
2020-10-07 00:00:00
nvd
nvd
CVE-2020-15177
2020-10-07 19:15:12
cvelist
cvelist
CVE-2020-15177 Unauthenticated Stored XSS in GLPI
2020-10-07 19:05:14
freebsd
freebsd
glpi -- Unauthenticated Stored XSS
2020-06-25 00:00:00
osv
osv
CVE-2020-15177
2020-10-07 19:15:12
prion
prion
Cross site scripting
2020-10-07 19:15:00
cve
cve
CVE-2020-15177
2020-10-07 19:15:12
altlinux
altlinux
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
2020-10-26 00:00:00