CVE-2024-41678

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to a reflected XSS vulnerability in GLPI, a free asset and IT management software package. An unauthenticated user can exploit this vulnerability by providing a malicious link to a GLPI technician. This can allow a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to the lack of protection of the web page structure.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to links from unauthenticated users to minimize the risk of exploitation.