GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting attack. To exploit this endpoint attacker need to be authenticated. This is fixed in version 9.5.4.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/releases/tag/9.5.4 | Release Notes Third Party Advisory |
https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-03-08T17:00:27
Updated: 2021-03-08T17:00:27
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21325
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-08T17:15:12.960
Modified: 2021-03-17T13:09:37.837
Link: CVE-2021-21325
JSON object: View
Redhat Information
No data.
CWE