Lucene search
K

5 matches found

UbuntuCve
UbuntuCve
added 2022/04/21 5:15 p.m.40 views

CVE-2022-24868

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...

7.3CVSS6.3AI score0.00615EPSS
Exploits0References3
CVE
CVE
added 2022/04/21 4:55 p.m.89 views

CVE-2022-24868

GLPI prior to version 10.0.0 is vulnerable to a cross-site scripting (XSS) via SVG avatar uploads due to insufficient sanitization. An attacker can inject JavaScript into user avatars, and any user viewing the affected avatar could be exposed to the XSS payload. Remediation per the provided sourc...

7.3CVSS6.1AI score0.00615EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/21 4:55 p.m.5 views

CVE-2022-24868 Cross site scripting via SVG file upload in GLPI

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...

7.3CVSS7AI score0.00615EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/21 4:55 p.m.30 views

CVE-2022-24868 Cross site scripting via SVG file upload in GLPI

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...

7.3CVSS7.2AI score0.00615EPSS
Exploits0References2
OSV
OSV
added 2022/04/21 4:55 p.m.27 views

CVE-2022-24868 Cross site scripting via SVG file upload in GLPI

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...

7.3CVSS6.5AI score0.00615EPSS
Exploits0References4
Rows per page
Query Builder