Unrated severityNVD Advisory· Published Nov 3, 2022· Updated Apr 22, 2025
Cross-Site Scripting (XSS) in external links in GLPI
CVE-2022-39277
Description
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<10.0.4+ 1 more
- (no CPE)range: <10.0.4
- (no CPE)range: >= 0.60, < 10.0.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.