Lucene search

Ubuntu.comUB:CVE-2023-22722

HistoryJan 26, 2023 - 12:00 a.m.

CVE-2023-22722

2023-01-2600:00:00

ubuntu.com

glpi

asset management

cross-site scripting

vulnerability

version 10.0.6

unix

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

32.0%

JSON

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and
above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can
persuade a victim into opening a URL containing a payload exploiting this
vulnerability. After exploited, the attacker can make actions as the victim
or exfiltrate session cookies. This issue is patched in version 10.0.6.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchglpi< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	glpi	< any	UNKNOWN

References

github.com/glpi-project/glpi/security/advisories/GHSA-352j-wr38-493c

launchpad.net/bugs/cve/CVE-2023-22722

nvd.nist.gov/vuln/detail/CVE-2023-22722

security-tracker.debian.org/tracker/CVE-2023-22722

www.cve.org/CVERecord?id=CVE-2023-22722

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

32.0%

JSON

Related for UB:CVE-2023-22722