VYPR
Unrated severityNVD Advisory· Published Jun 9, 2022· Updated Apr 23, 2025

Stored cross site scrpting in GLPI's Kanban

CVE-2022-24876

Description

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <10.0.1+ 1 more
    • (no CPE)range: <10.0.1
    • (no CPE)range: < 10.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.