CVE-2022-24876

GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Kanban is a GLPI view that displays Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1, a user can exploit a cross-site scripting vulnerability in Kanban by injecting HTML code into their user name. Users are advised to upgrade. There are no known workarounds for this issue.

Configurations

Configuration 1

OR cpe:2.3:a:glpi-project:glpi:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:10.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:10.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:10.0.0:rc3:*:*:*:*:*:*

History

17 Jun 2022, 19:22

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:glpi-project:glpi:10.0.0:rc1:*:*:*:*:*:* |
| | | cpe:2.3:a:glpi-project:glpi:10.0.0:rc3:*:*:*:*:*:* |
| | | cpe:2.3:a:glpi-project:glpi:10.0.0:-:*:*:*:*:*:* |
| | | cpe:2.3:a:glpi-project:glpi:10.0.0:rc2:*:*:*:*:*:* |
| | | cpe:2.3:a:glpi-project:glpi:10.0.0:beta:*:*:*:*:*:* |
| CVSS | v2 : unknown | v2 : 3.5 |
| | v3 : unknown | v3 : 5.4 |
| References | (CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr - | (CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr - Third Party Advisory |
| References | (MISC) https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6 - | (MISC) https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6 - Patch, Third Party Advisory |

09 Jun 2022, 19:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2022-06-09 19:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-24876

Mitre link : CVE-2022-24876

CVE.ORG link : CVE-2022-24876


Products Affected

glpi-project

  • glpi

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')