2694 matches found
UBUNTU-CVE-2024-41678
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
CVE-2024-41678 GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
CVE-2024-41678 GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
CVE-2024-41678
GLPI-CVE-2024-41678: A reflected XSS exists in GLPI that can be triggered by an unauthenticated user sending a malicious link to a GLPI technician. The advisory instructs upgrading to GLPI 10.0.17 or later to mitigate. Impact details in the sources indicate potential confidentiality and integrity...
CVE-2024-41678 GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...
CVE-2024-40638 GLPI allows account takeover via SQL Injection in AJAX scripts
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...
CVE-2024-40638
GLPI is affected by multiple issues across versions 0.65–10.0.18 with several independently reported flaws (SQL injection, SSRF, missing/weak permission checks, and XSS) that can lead to account data compromise, unauthorized access, or phishing. The CVE-2024-40638 description notes authenticated ...
CVE-2024-40638 GLPI allows account takeover via SQL Injection in AJAX scripts
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...
CVE-2024-40638 GLPI allows account takeover via SQL Injection in AJAX scripts
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...
CVE-2024-47759
GLPI (Asset and IT Management software) is affected by CVE-2024-47759 through insecure handling of uploaded SVGs, enabling a technician to place a malicious script that executes when a document is viewed. Connected sources corroborate broader GLPI-related vulnerabilities and consistently recommen...
CVE-2024-47759 GLPI has a stored XSS via document upload
GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any user tries to view the document contents. Upgrade to 10.0.17...
CVE-2024-47759 GLPI has a stored XSS via document upload
GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any user tries to view the document contents. Upgrade to 10.0.17...
CVE-2024-47759 GLPI has a stored XSS via document upload
GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any user tries to view the document contents. Upgrade to 10.0.17...
GLPI security vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
GLPI cross-site scripting vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
PT-2024-10106 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17. Description: The issue is related to the lack of protection of the web page structure in GLPI, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. An authenticated user can bypass access...
PT-2024-10111 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17. Description: The issue is related to insufficient protection of the web page structure and inadequate data sanitization in GLPI, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This can ...
PT-2024-10110 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17. Description: The issue is related to a reflected XSS vulnerability located in the reports pages of GLPI, a Free Asset and IT Management Software package. This vulnerability can be exploited by an unauthenticated...
PT-2024-10108 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17. Description: The issue is related to a reflected XSS vulnerability located in the Cable form of GLPI, an open-source asset and IT management software package. This vulnerability can be exploited by an...