You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cedric-anne
published
GHSA-rcxj-fqr4-q34rMar 18, 2024
Package
glpi
(glpi)
Affected versions
>= 10.0.8
Patched versions
10.0.13
Description
Impact
An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar.
Patches
Upgrade to 10.0.13.
Workarounds
Do not use the debug mode.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.
shellkraft Reporter
Impact
An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar.
Patches
Upgrade to 10.0.13.
Workarounds
Do not use the debug mode.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.