CVE-2022-39181

Name of the Vulnerable Software and Affected Versions GLPI reports plugin (affected versions not specified)

Description The issue is related to the incorrect neutralization of input data during web page generation, allowing a remote attacker to conduct Cross-Site-Scripting (XSS) attacks via a specially crafted website. This is a Reflected Cross-Site-Scripting (RXSS) vulnerability, where the server reads data directly from the HTTP request and reflects it back in the HTTP response. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.