Vulnerability Details CVE-2021-21258
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 3.5
References
- https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
- https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
- https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
- https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
Products affected by CVE-2021-21258
-
cpe:2.3:a:glpi-project:glpi:9.5.0
-
cpe:2.3:a:glpi-project:glpi:9.5.1
-
cpe:2.3:a:glpi-project:glpi:9.5.2
-
cpe:2.3:a:glpi-project:glpi:9.5.3