Glpi-Project: >> Glpi >> 9.3.4 Security Vulnerabilities
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
CVSS Score
5.9
EPSS Score
0.005
Published
2019-07-10
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-04
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-03-27
Page 11