Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-39372
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issu...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-31187
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global searc...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-24876
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions before 10.0.1 a user can exploit a cros...
Glpi-project Glpi 10.0.0
5.4
CVSSv3
CVE-2022-24869
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross sit...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a resu...
Glpi-project Glpi
5.4
CVSSv3
CVE-2021-21258
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.p...
Glpi-project Glpi
5.4
CVSSv3
CVE-2020-11062
In GLPI after 0.68.1 and prior to 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.
Glpi-project Glpi
5.4
CVSSv3
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This ...
Glpi-project Glpi
5.4
CVSSv3
CVE-2019-1010307
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket...
Glpi-project Glpi 9.3.1
5.4
CVSSv3
CVE-2016-7509
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated malicious users to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
Glpi-project Glpi 0.90.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »