CVE-2024-45609

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to a reflected XSS vulnerability located in the reports pages of GLPI, a Free Asset and IT Management Software package. This vulnerability can be exploited by an unauthenticated user providing a malicious link to a GLPI technician. The vulnerability is associated with the lack of protection measures for the web page structure, allowing remote cross-site scripting (XSS) attacks.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the reports pages until the upgrade is applied. Avoid clicking on links from untrusted sources, especially those provided by unauthenticated users, to minimize the risk of exploitation.