Lucene search
K

2700 matches found

NVD
NVD
added 2024/03/18 5:15 p.m.21 views

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

6.1CVSS5.5AI score0.00815EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 5:15 p.m.26 views

CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.8CVSS4.8AI score0.00665EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 5:15 p.m.23 views

CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS7.7AI score0.58818EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.22 views

CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...

9.6CVSS5.8AI score0.3572EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 5:15 p.m.3 views

UBUNTU-CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS5.8AI score0.58818EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.36 views

CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS5.8AI score0.58818EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.28 views

CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.8CVSS5.7AI score0.00665EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 5:15 p.m.3 views

UBUNTU-CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.8CVSS5.7AI score0.00665EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.25 views

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

6.1CVSS5.8AI score0.00815EPSS
Exploits0References4
CVE
CVE
added 2024/03/18 4:19 p.m.89 views

CVE-2024-27914

CVE-2024-27914 affects GLPI (Asset and IT Management Software). The vulnerability is a reflected XSS that can be triggered when an unauthenticated user entices a GLPI administrator with a malicious link and the administrator navigates through the debug bar. The issue is explicitly described as en...

6.1CVSS5.4AI score0.00815EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/18 4:19 p.m.35 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

5.3CVSS5.6AI score0.00815EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/18 4:19 p.m.26 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

5.3CVSS6.1AI score0.00815EPSS
Exploits0References3
OSV
OSV
added 2024/03/18 4:19 p.m.30 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

5.3CVSS5.8AI score0.00815EPSS
Exploits0References5
OSV
OSV
added 2024/03/18 4:16 p.m.32 views

CVE-2024-27104 Stored XSS in dashboards in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.5CVSS4.7AI score0.00665EPSS
Exploits0References5
CVE
CVE
added 2024/03/18 4:16 p.m.81 views

CVE-2024-27104

GLPI contains a stored XSS flaw in the dashboards feature: a user able to create/share dashboards can inject JavaScript, which executes when others open the dashboard. The issue is documented across multiple sources and is mitigated by patching to GLPI version 10.0.13. RISKS and exploit specifics...

4.8CVSS4.8AI score0.00665EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/18 4:16 p.m.25 views

CVE-2024-27104 Stored XSS in dashboards in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.5CVSS5.9AI score0.00665EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/18 4:16 p.m.34 views

CVE-2024-27104 Stored XSS in dashboards in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.5CVSS5AI score0.00665EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 4:15 p.m.22 views

CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...

6.5CVSS6.6AI score0.26937EPSS
Exploits1References4
NVD
NVD
added 2024/03/18 4:15 p.m.22 views

CVE-2024-27930

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...

6.5CVSS6.5AI score0.01139EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/03/18 4:15 p.m.29 views

CVE-2024-27930

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...

6.5CVSS5.8AI score0.01139EPSS
Exploits1References4
Rows per page
Query Builder