Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-23610
GLPI is a Free Asset and IT Management Software package. Versions before 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to ac...
Glpi-project Glpi
6.1
CVSSv3
CVE-2023-22722
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, before 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make ac...
Glpi-project Glpi
4.8
CVSSv3
CVE-2023-22725
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, before 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6.
Glpi-project Glpi
2 Github repositories
7.5
CVSSv3
CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, before 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbil...
Glpi-project Glpi
4.8
CVSSv3
CVE-2022-41941
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, before 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.
Glpi-project Glpi
6.1
CVSSv3
CVE-2022-39181
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supp...
Glpi-project Reports -
6.1
CVSSv3
CVE-2022-39398
tasklists is a tasklists plugin for GLPI (Kanban). Versions before 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds.
Infotel Tasklists
4.8
CVSSv3
CVE-2022-39277
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site...
Glpi-project Glpi
4.3
CVSSv3
CVE-2022-39370
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This ...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-39371
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralize...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »