CVE-2024-43418

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to a reflected XSS vulnerability in GLPI, a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician to exploit this vulnerability. This can allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting the ability of unauthenticated users to send links to GLPI technicians until the upgrade is applied.