VYPR
Unrated severityNVD Advisory· Published Nov 3, 2022· Updated Apr 22, 2025

Cross-Site Scripting (XSS) in external links in GLPI

CVE-2022-39277

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <10.0.4+ 1 more
    • (no CPE)range: <10.0.4
    • (no CPE)range: >= 0.60, < 10.0.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.