2 matches found
CVE-2022-39398
CVE-2022-39398 concerns the tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting (XSS) by creating XSS in task content when added. The issue is explicitly patched in version 2.0.3 ; no public workarounds are documented. Connected sources confirm the v...
CVE-2024-56801
Tasklists for GLPI has a blind SQL injection vulnerability in versions prior to 2.0.4, fixed by the 2.0.4 patch. Some sources indicate the issue affects the /ajax/reorder.php endpoint. The CVE documents high impact (per CVSS data) but no exploit details are provided in the connected documents. Re...