2694 matches found
CVE-2024-45611 GLPI has a stored XSS at src/RSSFeed.php
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload t...
CVE-2024-45609
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages...
UBUNTU-CVE-2024-45609
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages...
CVE-2024-45610 GLPI has a reflected XSS in ajax/cable.php
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form...
CVE-2024-45610
GLPI CVE-2024-45610 describes a reflected XSS in the Cable form that can be exploited by an unauthenticated user. The initial description recommends upgrading to version 10.0.17. Connected sources indicate GLPI versions affected include 9.x through 10.0.18 and third-party advisories/CSAs referenc...
CVE-2024-45609 GLPI has a Reflected XSS in /front/stat.graph.php
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages...
CVE-2024-45609
GLPI-CVE-2024-45609 is confirmed in connected sources as a GLPI vulnerability with web-exposed input that can be exploited via XSS in reports. The initial description notes an unauthenticated user can deliver a malicious link to a GLPI technician to trigger a reflected XSS and advises upgrading t...
CVE-2024-45608
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17...
CVE-2024-43417
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17...
CVE-2024-43418
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
UBUNTU-CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
UBUNTU-CVE-2024-43418
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
UBUNTU-CVE-2024-45608
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17...