Published on: Not Yet Published
Last Modified on: 02/01/2023 08:54:00 PM UTC
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6, are subject to Cross-site Scripting (XSS). An attacker can persuade a victim to open a URL containing a payload that exploits this vulnerability. Once it is exploited, the attacker can perform actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.
- CVE-2023-22722 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: glpi-project - glpi, versions >= 9.4.0, < 10.0.6
CVSS3 Score: 6.1 - MEDIUM
- Reference: XSS on browse views · Advisory · glpi-project/glpi · GitHub (github.com)
Known Affected Configurations (CPE V2.3)