CVE-2023-22722

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Information

Published : 2023-01-26 13:18

Updated : 2023-02-01 12:54


NVD link : CVE-2023-22722

Mitre link : CVE-2023-22722


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

glpi-project

  • glpi