6 matches found
Security fix for the ALT Linux 9 package glpi version 9.5.10-alt1
Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...
CVE-2022-39376
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
CVE-2022-39376 Improper input validation on emails links in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
CVE-2022-39376 Improper input validation on emails links in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
CVE-2022-39376
CVE-2022-39376 affects GLPI (Gestionnaire Libre de Parc Informatique). The issue allows injecting custom field values in mailto links. It has been patched; upgrade to GLPI v10.0.4 or later to mitigate. The connected security sources also cite GLPI-related risks in older branches (pre-10.0.13), in...
CVE-2022-39376 Improper input validation on emails links in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...