Skip to content

Reflexive XSS in Dropdown menus

Moderate
orthagh published GHSA-3xxh-f5p2-jg3h May 11, 2020

Package

glpi-project/glpi

Affected versions

> 0.68.1

Patched versions

9.4.6

Description

Impact

Due to an invalid Content-Type, multiple Reflexive XSS occur in Dropdown endpoints.

Patches

5e1c52c

Reference

https://offsec.almond.consulting/multiple-vulnerabilities-in-glpi.html

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2020-11062

Weaknesses

No CWEs