Stored XSS through global search

Moderate
trasher published GHSA-43j5-xhvj-9236 Sep 14, 2022

Package

glpi (glpi)

Affected versions

>= 10.0.0 & < 10.0.3

Patched versions

10.0.3

Description

Impact

Script-related HTML tags in the global search context are not properly neutralized.

Patches

Upgrade to 10.0.3.

Workarounds

Disable global search.

References


Severity

Moderate 6.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2022-31187

Weaknesses

Credits