Reflected XSS Vulnerability in GLPI IT Management Software
CVE-2024-43418

6.1MEDIUM

Key Information:

Vendor: Glpi-project
Status: Glpi
Vendor: CVE Published:; 15 November 2024

Summary

A reflected XSS vulnerability exists in the GLPI IT management software, allowing an unauthenticated attacker to exploit this weakness. By crafting a malicious link, an attacker could trick a GLPI technician into clicking it, potentially executing arbitrary JavaScript in the context of the user's session. It is crucial for users to upgrade to version 10.0.17 or later to mitigate this risk and enhance the security of their GLPI environment.

References

https://github.com/glpi-project/glpi/security/advisories/...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024