PT-2022-1461 · Glpi+2

Janosvaszi +1 · Published 2022-01-27 · Updated 2024-05-22 · CVE-2022-21719

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 9.5.7

Description

The issue is related to reflected cross-site scripting in GLPI, a free asset and IT management software package. This can allow a remote attacker to perform cross-site scripting attacks by exploiting the lack of protection measures for the web page structure. There are no known workarounds for this issue.

Recommendations

For versions prior to 9.5.7, update to version 9.5.7 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or modules until the patch is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1463
ALT-PU-2022-1514
ALT-PU-2022-1526
ALT-PU-2022-2614
ALT-PU-2022-2624
ALT-PU-2022-2665
ALT-PU-2023-7633
ALT-PU-2024-8030
ALT-PU-2024-8094
BDU:2022-00590
CVE-2022-21719
GHSA-6CJ4-G839-GJ5J

Affected Products

Alt Linux
Glpi
Red Os