5 matches found
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...
CVE-2022-24868
GLPI prior to version 10.0.0 is vulnerable to a cross-site scripting (XSS) via SVG avatar uploads due to insufficient sanitization. An attacker can inject JavaScript into user avatars, and any user viewing the affected avatar could be exposed to the XSS payload. Remediation per the provided sourc...
CVE-2022-24868 Cross site scripting via SVG file upload in GLPI
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...
CVE-2022-24868 Cross site scripting via SVG file upload in GLPI
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...
CVE-2022-24868 Cross site scripting via SVG file upload in GLPI
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...