PT-2024-3278 · Glpi+2 · Glpi+2

Cedric-Anne · Published 2022-09-15 · Updated 2025-01-02 · CVE-2024-27104

CVSS v2.0: 6.1 (Medium)

Vector: AV:N/AC:L/Au:M/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 10.0.13

Description

The issue is related to improper input neutralization during web page creation, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. A user with rights to create and share dashboards can build a dashboard containing JavaScript code, and any user who opens this dashboard will be subject to an XSS attack.

Recommendations

For versions prior to 10.0.13, update to version 10.0.13 to resolve the issue. As a temporary workaround, consider restricting access to dashboard creation and sharing features to minimize the risk of exploitation. Avoid using dashboards that contain JavaScript code until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2614
ALT-PU-2022-2624
ALT-PU-2022-2665
ALT-PU-2023-7633
ALT-PU-2024-4487
ALT-PU-2024-4750
ALT-PU-2024-8030
ALT-PU-2024-8094
BDU:2024-03510
CVE-2024-27104
GHSA-PRC3-CX5M-H5MJ

Affected Products

Alt Linux
Glpi
Red Os