Lucene search
K

6 matches found

ALT Linux
ALT Linux
added 2022/11/04 12:0 a.m.145 views

Security fix for the ALT Linux 9 package glpi version 9.5.10-alt1

Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...

6.4AI score0.34251EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2022/11/03 4:15 p.m.20 views

CVE-2022-39376

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...

6.5CVSS6.7AI score0.00477EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/03 12:0 a.m.26 views

CVE-2022-39376 Improper input validation on emails links in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...

2.6CVSS6.6AI score0.00477EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.7 views

CVE-2022-39376 Improper input validation on emails links in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...

2.6CVSS6.4AI score0.00477EPSS
Exploits0References1
CVE
CVE
added 2022/11/03 12:0 a.m.69 views

CVE-2022-39376

CVE-2022-39376 affects GLPI (Gestionnaire Libre de Parc Informatique). The issue allows injecting custom field values in mailto links. It has been patched; upgrade to GLPI v10.0.4 or later to mitigate. The connected security sources also cite GLPI-related risks in older branches (pre-10.0.13), in...

6.5CVSS5.2AI score0.00477EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/03 12:0 a.m.30 views

CVE-2022-39376 Improper input validation on emails links in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...

2.6CVSS7.1AI score0.00477EPSS
Exploits0References3
Rows per page
Query Builder