Glpi@* Security Vulnerabilities and Issues — Glpi@* CVE List

Lucene search

Glpi-projectGlpi*

9 matches found

CVE•added 2021/03/08 5:15 p.m.•90 views

CVE-2021-21325

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting atta...

6.2CVSS5.2AI score0.00508EPSS

CVE•added 2021/03/08 5:15 p.m.•88 views

CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to ca...

7.5CVSS6.8AI score0.003EPSS

Web

CVE•added 2021/03/03 8:15 p.m.•51 views

CVE-2021-21313

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not prope...

6.1CVSS5.7AI score0.00388EPSS

Web

CVE•added 2021/03/03 8:15 p.m.•49 views

CVE-2021-21314

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.

5.4CVSS5.2AI score0.00321EPSS

CVE•added 2021/03/08 5:15 p.m.•49 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the abili...

6.8CVSS6.6AI score0.00312EPSS

Web

CVE•added 2021/03/03 8:15 p.m.•43 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/docume...

5.4CVSS5.4AI score0.00321EPSS

Web

CVE•added 2021/09/15 5:15 p.m.•43 views

CVE-2021-39210

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...

6.5CVSS6.3AI score0.00329EPSS

CVE•added 2021/03/08 5:15 p.m.•41 views

CVE-2021-21326

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fi...

7.7CVSS6.5AI score0.00211EPSS

CVE•added 2021/09/15 4:15 p.m.•39 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

8.8CVSS8.7AI score0.00137EPSS