ReportizFlow
Filtered by vendor Glpi-project
Subscriptions
Total
173 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39371 | 1 Glpi-project | 1 Glpi | 2025-04-23 | 7.5 High |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | ||||
| CVE-2022-39372 | 1 Glpi-project | 1 Glpi | 2025-04-23 | 3.5 Low |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | ||||
| CVE-2022-39373 | 1 Glpi-project | 1 Glpi | 2025-04-23 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4. | ||||
| CVE-2022-39375 | 1 Glpi-project | 1 Glpi | 2025-04-23 | 4.5 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | ||||
| CVE-2022-39376 | 1 Glpi-project | 1 Glpi | 2025-04-23 | 2.6 Low |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | ||||
| CVE-2022-39262 | 1 Glpi-project | 1 Glpi | 2025-04-22 | 5.2 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4. | ||||
| CVE-2022-39276 | 1 Glpi-project | 1 Glpi | 2025-04-22 | 3.5 Low |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds. | ||||
| CVE-2022-39277 | 1 Glpi-project | 1 Glpi | 2025-04-22 | 4.5 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds. | ||||
| CVE-2016-7509 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | ||||
| CVE-2016-7507 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | ||||
| CVE-2017-11474 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | ||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | ||||
| CVE-2017-11329 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | ||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | ||||
| CVE-2017-11183 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | ||||
| CVE-2016-7508 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. | ||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | ||||
| CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | ||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | ||||
| CVE-2013-2225 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. | ||||