PT-2024-10105 · Glpi+2

Anhln-3312 · Published 2024-11-15 · Updated 2025-08-13 · CVE-2024-43417

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 10.0.17

Description

GLPI does not properly protect the web page structure, which a remote attacker can exploit to conduct a cross-site scripting (XSS) attack. Specifically, an unauthenticated user can provide a malicious link to a GLPI technician to exploit a reflected XSS vulnerability located in the Software form.

Recommendations

For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the Software form until the upgrade is applied. Additionally, technicians should be cautious when clicking on links provided by unauthenticated users to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10163
ALT-PU-2025-1277
BDU:2025-00329
CVE-2024-43417
GHSA-P633-WFJ5-8X44

Affected Products

Alt Linux
Glpi
Red Os