Filtered by vendor Glpi-project Subscriptions
Filtered by product Glpi Subscriptions
Total 143 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45610 1 Glpi-project 1 Glpi 2024-11-20 6.5 Medium
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17.
CVE-2024-45611 1 Glpi-project 1 Glpi 2024-11-19 5.7 Medium
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload to triggger a stored XSS. Upgrade to 10.0.17.
CVE-2024-38370 1 Glpi-project 1 Glpi 2024-11-18 5.3 Medium
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.