Home > Vulnerability Database > CVE-2022-24869

Mend.io Vulnerability Database

CVE-2022-24869

Good to know:

Date: April 21, 2022

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack vector. This issue is partially mitigated by cors security of browsers, though users are still advised to upgrade.

Language: PHP

Severity Score

4.6

Related Resources (6)

Url: https://github.com/glpi-project/glpi/security/advisories/GHSA-p94c-8qp5-gfpx

Url: https://github.com/glpi-project/glpi/commit/ac9f1f03c5d2545b7e290197dbfebc3f752f810e

Url: https://github.com/glpi-project/glpi/blob/10.0/bugfixes/CHANGELOG.md#1000-2022-04-20

Url: https://github.com/glpi-project/glpi/releases/tag/10.0.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24869

Url: https://www.mend.io/vulnerability-database/CVE-2022-24869

Severity Score

4.6

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 10.0.0

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24869

Good to know:

Date: April 21, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?