CVE-2024-31705
An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input...
CVE-2024-31705
Infotel Conseil GLPI v10.X.X and later are affected by an input validation weakness that allows a remote attacker to execute arbitrary code. The issue stems from insufficient validation of user-supplied input, enabling code execution with high impact (CVSS v3.1 base score 9.8). Available referenc...
CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could...
Cross site scripting
A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could...
CVE-2019-10180
CVE-2019-10180 affects all pki-core 10.x.x versions, where the Token Processing Service (TPS) stored token parameters without properly sanitizing them, enabling Stored XSS. The root cause is improper sanitization of several parameters stored for tokens, allowing an attacker who can modify token par...
PT-2020-9057 · Pki-Core +1
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x
Description: A vulnerability was found in the Token Processing Service (TPS) where it did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS)...
CVE-2020-1696
A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a...
PT-2020-9050 · Pki-Core +3
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x
Description: A Reflected Cross Site Scripting flaw was found in the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value...