5 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-21313
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before...
Security fix for the ALT Linux 10 package glpi version 9.5.4-alt1
March 31, 2021 Pavel Zilke 9.5.4-alt1
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-21326 : Horizontal Privilege Escalation
  + CVE-2021-21255 : entities switch IDOR
  + CVE-2021-21258 : XSS injection in ajax/kanban
  + CVE-2021-21314 : XSS...
CVE-2021-21313
creationtimestamp | type | source
---|---|---
2021-03-03 22:45:41+00:00 | published-proof-of-concept | https://t.me/cibsecurity/24427...
CVE-2021-21313
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters target and id are not...
CVE-2021-21313
CVE-2021-21313 affects GLPI before 9.5.4, where the /ajax/common.tabs.php endpoint inadequately sanitizes parameters _target and id. This can enable crafted URLs to trigger cross‑site effects or script execution depending on the payloads (examples include JavaScript: alerts and other inline code)...