5.4
CVE-2022-24876
- EPSS 0.2%
- Veröffentlicht 09.06.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:51:18
- Quelle security-advisories@github.com
- Teams Watchlist Login
- Unerledigt Login
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glpi-project ≫ Glpi Version10.0.0 Update-
Glpi-project ≫ Glpi Version10.0.0 Updatebeta
Glpi-project ≫ Glpi Version10.0.0 Updaterc1
Glpi-project ≫ Glpi Version10.0.0 Updaterc2
Glpi-project ≫ Glpi Version10.0.0 Updaterc3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.417 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| security-advisories@github.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.