VYPR
Unrated severityNVD Advisory· Published Mar 18, 2024· Updated Aug 2, 2024

Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

CVE-2024-27914

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <10.0.13+ 1 more
    • (no CPE)range: <10.0.13
    • (no CPE)range: >= 10.0.8, < 10.0.13

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.