Anhln-3312

#13831of 53,632
19.5Total CVSS
Vulnerabilities · 3
Medium
3
PT-2024-10105
6.5
2024-11-15
Glpi · Glpi · CVE-2024-43417
**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.17 **Description** The issue is related to a lack of protection of the web page structure in the GLPI system, which can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. Specifically, an unauthenticated user can provide a malicious link to a GLPI technician to exploit a reflected XSS vulnerability located in the Software form. **Recommendations** For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the Software form until the upgrade is applied. Additionally, technicians should be cautious when clicking on links provided by unauthenticated users to minimize the risk of exploitation.
PT-2024-10110
6.5
2024-11-15
Glpi · Glpi · CVE-2024-45609
**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.17 **Description** The issue is related to a reflected XSS vulnerability located in the reports pages of GLPI, a Free Asset and IT Management Software package. This vulnerability can be exploited by an unauthenticated user providing a malicious link to a GLPI technician. The vulnerability is associated with the lack of protection measures for the web page structure, allowing remote cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the reports pages until the upgrade is applied. Avoid clicking on links from untrusted sources, especially those provided by unauthenticated users, to minimize the risk of exploitation.
PT-2024-19996
6.5
2022-09-15
Glpi · Glpi · CVE-2024-23645
**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.12 **Description** A malicious URL can be used to execute XSS on reports pages. This issue affects GLPI, a Free Asset and IT Management Software package. **Recommendations** For versions prior to 10.0.12, upgrade to 10.0.12 to resolve the issue. As a temporary workaround, consider restricting access to reports pages until the upgrade is applied.