Vulnerability Details CVE-2022-24876
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6
- https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr
- https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6
- https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr
Products affected by CVE-2022-24876
-
cpe:2.3:a:glpi-project:glpi:10.0.0