GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/commit/e9b16bc8e9b61ebb2d35b96b9c71cd25c5af9e48 | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/releases/tag/9.5.7 | Release Notes Third Party Advisory |
https://github.com/glpi-project/glpi/security/advisories/GHSA-6cj4-g839-gj5j | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-01-28T10:06:31
Updated: 2022-01-28T10:06:31
Reserved: 2021-11-16T00:00:00
Link: CVE-2022-21719
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-28T10:15:07.930
Modified: 2022-02-02T17:43:05.880
Link: CVE-2022-21719
JSON object: View
Redhat Information
No data.
CWE