An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/pull/3647 | Issue Tracking Third Party Advisory |
https://membership.backbox.org/glpi-9-2-1-multiple-vulnerabilities/ | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-12T21:00:00
Updated: 2018-03-12T20:57:01
Reserved: 2018-02-28T00:00:00
Link: CVE-2018-7563
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-12T21:29:01.203
Modified: 2018-04-11T15:01:42.353
Link: CVE-2018-7563
JSON object: View
Redhat Information
No data.
CWE