Filtered by vendor Glpi-project
Subscriptions
Filtered by product Glpi
Subscriptions
Total
143 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45610 | 1 Glpi-project | 1 Glpi | 2024-11-20 | 6.5 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17. | ||||
CVE-2024-45611 | 1 Glpi-project | 1 Glpi | 2024-11-19 | 5.7 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload to triggger a stored XSS. Upgrade to 10.0.17. | ||||
CVE-2024-38370 | 1 Glpi-project | 1 Glpi | 2024-11-18 | 5.3 Medium |
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16. |