PT-2020-12523 · Indeg+1 · Glpi+1

Published

2020-05-12

·

Updated

2020-07-27

·

CVE-2020-11062

CVSS v3.1

6.0

Medium

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions GLPI versions 0.68.1 through 9.4.5
Description The issue is related to multiple reflexive XSS that occur in "Dropdown endpoints" due to an invalid Content-Type. This has been fixed in version 9.4.6.
Recommendations For versions 0.68.1 through 9.4.5, update to version 9.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the "Dropdown endpoints" until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2020-2358
ALT-PU-2020-2455
CVE-2020-11062
GHSA-3XXH-F5P2-JG3H

Affected Products

Alt Linux
Glpi