VYPR

Glpi

by Glpi Project

Source repositories

CVEs (201)

  • CVE-2023-28636Apr 5, 2023
    risk 0.00cvss epss 0.01

    GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.

  • CVE-2023-28634Apr 5, 2023
    risk 0.00cvss epss 0.01

    GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session…

  • CVE-2023-28633Apr 5, 2023
    risk 0.00cvss epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is…

  • CVE-2023-28632Apr 5, 2023
    risk 0.00cvss epss 0.01

    GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying…

  • CVE-2023-28639Apr 5, 2023
    risk 0.00cvss epss 0.01

    GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted…

  • CVE-2022-41941Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.

  • CVE-2023-22500Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are…

  • CVE-2023-22722Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make…

  • CVE-2023-22724Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to…

  • CVE-2023-22725Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6.

  • CVE-2023-23610Jan 25, 2023
    risk 0.00cvss epss 0.01

    GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to…

  • CVE-2022-39276Nov 3, 2022
    risk 0.00cvss epss 0.01

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit.…

  • CVE-2022-39370Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This…

  • CVE-2022-39234Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie…

  • CVE-2022-39373Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched,…

  • CVE-2022-39277Nov 3, 2022
    risk 0.00cvss epss 0.01

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a…

  • CVE-2022-39376Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has…

  • CVE-2022-39372Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This…

  • CVE-2022-39323Nov 3, 2022
    risk 0.00cvss epss 0.34

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been…

  • CVE-2022-39371Nov 3, 2022
    risk 0.00cvss epss 0.00

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly…

Page 7 of 11