4 matches found
CVE-2021-3486
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...
Code injection
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...
CVE-2021-3486
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...
CVE-2021-3486
CVE-2021-3486 relates to GLPI 9.5.4 where metadata is not sanitized, enabling stored XSS in plugins and execution of JavaScript in the user’s browser. The root cause is lack of proper sanitation in the metadata handling. The description provides the affected software (GLPI 9.5.4) and the impact (...