CVE-2024-45610

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to a reflected XSS vulnerability located in the Cable form of GLPI, an open-source asset and IT management software package. This vulnerability can be exploited by an unauthenticated user providing a malicious link to a GLPI technician. The exploitation of this vulnerability may allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the Cable form until the upgrade is applied. Avoid providing or clicking on suspicious links from untrusted sources to minimize the risk of exploitation.