4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.5%
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free
Asset and IT Management Software package that provides ITIL Service Desk
features, licenses tracking and software auditing. External links are not
properly sanitized and can therefore be used for a Cross-Site Scripting
(XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4.
There are currently no known workarounds.
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.5%