Trasher

**Name of the Vulnerable Software and Affected Versions** Galette versions prior to 1.2.0 **Description** Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, it was possible to gain higher privileges by updating an existing account using a self-forged POST request. The issue was addressed in version 1.2.0. The application accepts POST requests to update account information, and improper validation of the request data allowed an attacker to manipulate account privileges. The vulnerable operation involves submitting a crafted POST request to modify account details, potentially elevating the user's role within the system. **Recommendations** Update to version 1.2.0 or later.

Name of the Vulnerable Software and Affected Versions: Escalade GLPI plugin versions prior to 2.9.11 Description: The issue is related to improper access control, which can lead to data exposure and workflow disruptions. Recommendations: For versions prior to 2.9.11, update to version 2.9.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 0.6.0 through 10.0.5 **Description** The issue is related to the incorrect neutralization of input data during web page generation, which can be exploited by a remote attacker to create a malicious external link. This can allow an administrator to create harmful links. **Recommendations** For GLPI versions 0.6.0 through 10.0.5, update to version 10.0.6 to resolve the issue. As a temporary workaround, consider restricting the ability to create external links until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.6 **Description** The issue concerns cross-site scripting via malicious RSS feeds. An administrator can import a malicious RSS feed containing Cross Site Scripting (XSS) payloads inside RSS links. When victims visit the RSS content and click on the link, they will execute the Javascript. **Recommendations** For versions prior to 10.0.6, update to version 10.0.6 to resolve the issue. As a temporary workaround, consider restricting the import of RSS feeds from untrusted sources to minimize the risk of exploitation. Avoid clicking on links from RSS feeds that may contain malicious payloads until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the GLPI update script, which allows connected users to gain access to the debug panel. This could potentially allow a remote attacker to impact the system's integrity. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider deleting the `install/update.php` script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the lack of proper sanitization of external links, which can be used for a Cross-Site Scripting (XSS) attack. This allows a remote attacker to exploit the vulnerability. **Recommendations** For versions prior to 10.0.4, upgrade to GLPI 10.0.4 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue allows authenticated users to store malicious code in their account information, potentially leading to a cross-site scripting (XSS) attack. This could enable a remote attacker to conduct such an attack by exploiting the lack of protection measures for the web page structure. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. At the moment, there is no information about other workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the usage of RSS feeds or an external calendar in planning, which is subject to a Server-Side Request Forgery (SSRF) exploit. If a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by the administrator. This could allow a remote attacker to redirect users to an arbitrary URL. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider disabling the usage of RSS feeds or external calendars in planning until the patch is applied. Restrict access to the planning feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue allows an administrator to store malicious code in an entity name. This can potentially lead to security breaches. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.3 **Description** The issue is related to a SQL injection attack that could allow an attacker to simulate an arbitrary user login. This is due to the lack of protection measures for the SQL query structure. The vulnerability can be exploited remotely, potentially allowing an attacker to scan server ports or services and conduct SQL injection attacks. **Recommendations** For versions prior to 10.0.3, upgrade to version 10.0.3 to resolve the issue. As a temporary workaround for users unable to upgrade, disable the `Enable login with external token` API configuration.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.3 **Description** The issue concerns the exposure of private information defined in the setup of GLPI, such as smtp or cas hosts, to unauthorized individuals. This exposure can be exploited remotely, allowing attackers to disclose confidential data. Note that passwords are not exposed. **Recommendations** For versions prior to 10.0.3, upgrade to version 10.0.3 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.3 **Description** The issue is related to the usage of RSS feeds or external calendar in planning, which is subject to Server-Side Request Forgery (SSRF) exploit. This allows an attacker to scan server ports or services opened on the GLPI server or its private network. The queries' responses are not exposed to the end-user, making it a blind SSRF. **Recommendations** For versions prior to 10.0.3, upgrade to version 10.0.3 to resolve this issue. At the moment, there are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.3 **Description** The issue is related to the improper escaping of information associated with the registration key on the registration key configuration page in GLPI, a Free Asset and IT Management Software package. This can be exploited to steal a GLPI administrator cookie, allowing an attacker to gain unauthorized access. There are no known workarounds for this issue. **Recommendations** For versions prior to 10.0.3, upgrade to version 10.0.3 to resolve the issue. As a temporary workaround, do not use a registration key created by an untrusted person.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.2 **Description** The issue affects GLPI instances with the native inventory used, potentially leaking sensitive information due to a lack of authentication in the feature to get refused files. **Recommendations** For versions prior to 10.0.2, upgrade to version 10.0.2 to address the issue. As a temporary workaround, consider restricting access to the native inventory feature until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.2 **Description** The issue affects all assistance forms, including Ticket, Change, and Problem, allowing sql injection on the actor fields. This has been resolved in version 10.0.2. **Recommendations** For versions prior to 10.0.2, upgrade to version 10.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the assistance forms, specifically the actor fields, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.1 **Description** The issue allows an attacker to add extra information by SQL injection on search pages. This can be exploited if a user is logged in. **Recommendations** For versions prior to 10.0.1, update to version 10.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to search pages for logged-in users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.1 **Description** The issue is related to a cross-site scripting vulnerability in the Kanban view of GLPI, which can be exploited by injecting HTML code in a user's name. Users are advised to upgrade to a newer version to resolve the issue. **Recommendations** For versions prior to 10.0.1, upgrade to version 10.0.1 or later to resolve the issue. As a temporary workaround, consider restricting user input in the Kanban view to prevent HTML code injection until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.0 **Description** The issue is related to a lack of sanitization on SVG file uploads, allowing an attacker to inject javascript into a user's avatar. This can lead to a cross-site scripting attack when any user views the avatar. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. The vulnerability can be exploited by uploading a specially crafted SVG file, which allows the attacker to conduct a cross-site scripting attack. Technical details about exploitation include the lack of sanitization on `SVG file uploads` and the ability to inject `javascript` into the `user avatar`. **Recommendations** For versions prior to 10.0.0, users are advised to upgrade to a newer version. As a temporary workaround, users unable to upgrade should disallow SVG avatars to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI (affected versions not specified) **Description** The issue is related to an error in the configuration transfer to javascript in the GLPI system, where some entries are filtered out, but the `ldap pass` variable is not. This allows a remote attacker to gain unauthorized access to the root dn password. GLPI is a free asset and IT management software package that provides ITIL Service Desk features, licenses tracking, and software auditing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.5.7 **Description** The issue is related to reflected cross-site scripting in GLPI, a free asset and IT management software package. This can allow a remote attacker to perform cross-site scripting attacks by exploiting the lack of protection measures for the web page structure. There are no known workarounds for this issue. **Recommendations** For versions prior to 9.5.7, update to version 9.5.7 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or modules until the patch is applied.