Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

9 matches found

CVE•added 2021/03/08 5:15 p.m.•89 views

CVE-2021-21325

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting atta...

6.2CVSS5.2AI score0.00467EPSS

CVE•added 2021/03/08 5:15 p.m.•87 views

CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to ca...

7.5CVSS6.8AI score0.003EPSS

CVE•added 2021/03/03 8:15 p.m.•49 views

CVE-2021-21313

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not prope...

6.1CVSS5.7AI score0.00388EPSS

CVE•added 2021/03/03 8:15 p.m.•47 views

CVE-2021-21314

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.

5.4CVSS5.2AI score0.00321EPSS

CVE•added 2021/03/08 5:15 p.m.•47 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the abili...

6.8CVSS6.6AI score0.00312EPSS

CVE•added 2021/03/02 8:15 p.m.•45 views

CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.

5.8CVSS5.7AI score0.00279EPSS

CVE•added 2021/03/03 8:15 p.m.•42 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/docume...

5.4CVSS5.4AI score0.00321EPSS

CVE•added 2021/03/02 8:15 p.m.•41 views

CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed i...

6.8CVSS5.8AI score0.00281EPSS

CVE•added 2021/03/08 5:15 p.m.•39 views

CVE-2021-21326

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fi...

7.7CVSS6.5AI score0.00211EPSS