ROS-20240726-01

2024-07-26 00:00:00
redos.red-soft.ru

CVSS2: 7.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.7
Confidence: High

A vulnerability in the GLPI request and incident handling system is related to improper input validation. Exploitation of the vulnerability could allow a remote attacker to impact system integrity.

A vulnerability in the GLPI request and incident handling system is associated with the introduction of malicious code by an administrator. Exploitation of the vulnerability could allow a remote attacker to inject malicious code into accounts.

A vulnerability in the GLPI request and incident handling system is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack.

A vulnerability in the GLPI request and incident handling system is related to configuration being passed in JavaScript. Some entries are filtered, but the ldap_pass variable is not. Exploitation of the vulnerability could allow a remote attacker to learn the password for the root DN.

A vulnerability in the GLPI request and incident handling system is related to the use of ticketing actions or the customization of login messages with a stylesheet reference. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting attack.

A vulnerability in the GLPI request and incident handling system is related to the fact that the registration key is not properly escaped on the registration key configuration page. Exploitation of the vulnerability could allow a remote attacker to steal a GLPI administrator cookie.

A vulnerability in the GLPI request and incident handling system is related to the ability to access the debug panel through the GLPI update script. Exploitation of the vulnerability could allow a remote attacker to impact the integrity of the system.

A vulnerability in the GLPI request and incident handling system is associated with the disclosure of sensitive information to an unauthorized person. Exploitation of the vulnerability could allow a remote attacker to disclose sensitive data.

A vulnerability in the GLPI request and incident handling system is related to the improper neutralization of special elements. Exploitation of the vulnerability could allow a remote attacker to scan server or service ports and conduct SQL injection attacks.

A vulnerability in the GLPI request and incident handling system is related to the lack of proper sanitization of external references. Exploitation of the vulnerability could allow a remote attacker to conduct a Cross-Site Scripting (XSS) attack.

A vulnerability in the GLPI request and incident handling system is related to server-side request forgery. Exploitation of the vulnerability could allow a remote attacker to redirect a user to a malicious URL.

A vulnerability in the GLPI request and incident handling system is related to the definition of RTF format content, to be displayed on the login page, that contains malicious code. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code and steal sensitive data.

A vulnerability in the GLPI request and incident handling system is related to a lack of sanitization when uploading SVG files and to JavaScript embedding in user avatars. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting attack.

A vulnerability in the GLPI request and incident handling system is related to the fact that the use of RSS feeds or an external calendar during scheduling is susceptible to the SSRF exploit. Exploitation of the vulnerability could allow a remote attacker to scan server ports or services open on the GLPI server or its private network.

A vulnerability in the GLPI request and incident handling system is related to the failure to properly validate input requests in the plugin controller and to the use of a plugin class to access the low-level API. Exploitation of the vulnerability could allow a remote attacker to scan server ports or services and affect the integrity of the system.

A vulnerability in the GLPI request and incident handling system is related to insufficient session expiration. Exploitation of the vulnerability could allow a remote attacker to impact system integrity.

A vulnerability in the GLPI request and incident handling system is related to the fact that special elements are not properly neutralized. Exploitation of the vulnerability could allow a remote attacker to scan server or service ports and conduct a time-based attack using SQL injection into the REST user_token API.

A vulnerability in the GLPI request and incident handling system is related to improper neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to inject malicious code.

A vulnerability in the GLPI request and incident handling system is related to the failure to properly neutralize HTML tags. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality of the system.

OS      Version   Architecture   Package   Version       Filename
redos   7.3       x86_64         glpi      < 10.0.15-3   UNKNOWN
