Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22724

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. This issue is patched in 10.0.6.

Published

2023-01-26T21:18:12.770

Last Modified

2024-11-21T07:45:17.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	< 10.0.6	Yes

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-x9g4-j85w-cmff Third Party Advisory ([email protected])
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9g4-j85w-cmff Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)