glpi-project

210 tracked vulnerabilities.

CVE-2023-28636 MEDIUM
GLPI 0.60-9.5.12 - Authenticated Stored Cross-Site Scripting via External Link
Apr 05, 2023
CVSS 4.5
EPSS 0.01

CVE-2023-28634 HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.8
EPSS 0.01

CVE-2023-28633 LOW
GLPI 0.84-9.5.12 - Server-Side Request Forgery via RSS Feed Autodiscovery
Apr 05, 2023
CVSS 3.5
EPSS 0.00

CVE-2023-28632 HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.1
EPSS 0.00

CVE-2023-23610 MEDIUM
GLPI < 9.5.12 - Improper Privilege Management via Data Export
Jan 26, 2023
CVSS 6.5
EPSS 0.00

CVE-2023-22725 MEDIUM
GLPI 0.60-9.5.12 - Stored Cross-Site Scripting via External Link
Jan 26, 2023
CVSS 6.2
EPSS 0.00

CVE-2023-22724 MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting via RSS Feed Import
Jan 26, 2023
CVSS 6.2
EPSS 0.00

CVE-2023-22722 MEDIUM
GLPI 9.4.0-9.5.12 - Cross-Site Scripting via URL Payload
Jan 26, 2023
CVSS 6.8
EPSS 0.00

CVE-2023-22500 HIGH
GLPI 10.0.0-10.0.5 - Unauthenticated Inventory File Access via FAQ
Jan 26, 2023
CVSS 7.5
EPSS 0.01

CVE-2022-34128 CRITICAL
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
Apr 16, 2023
CVSS 9.8
EPSS 0.19

CVE-2022-34127 HIGH
Managentities <4.0.2 - Path Traversal
Apr 16, 2023
CVSS 7.5
EPSS 0.15

CVE-2022-34126 HIGH
GLPI Activity plugin < 3.1.1 - Path Traversal via front/cra.send.php File Parameter
Apr 16, 2023
CVSS 7.5
EPSS 0.01

CVE-2022-34125 MEDIUM
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
Apr 16, 2023
CVSS 6.5
EPSS 0.06

CVE-2022-41941 MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting in Help Links
Jan 26, 2023
CVSS 6.2
EPSS 0.00

CVE-2022-39181 MEDIUM
GLPI Reports Plugin - Reflected Cross-Site Scripting
Nov 17, 2022
CVSS 6.1
EPSS 0.00

CVE-2022-39376 LOW
GLPI 0.65-10.0.3 - Improper Input Validation in Mailto Link Custom Fields
Nov 03, 2022
CVSS 2.6
EPSS 0.00

CVE-2022-39375 MEDIUM
GLPI >=0.84 <10.0.4 - Stored Cross-Site Scripting via Public RSS Feed
Nov 03, 2022
CVSS 4.5
EPSS 0.00

CVE-2022-39373 MEDIUM
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Entity Name
Nov 03, 2022
CVSS 4.9
EPSS 0.00

CVE-2022-39372 LOW
GLPI 0.70-10.0.3 - Authenticated Stored Cross-Site Scripting in Account Information
Nov 03, 2022
CVSS 3.5
EPSS 0.00

CVE-2022-39371 HIGH
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Assets Inventory Information
Nov 03, 2022
CVSS 7.5
EPSS 0.00

CVE-2022-39370 MEDIUM
GLPI 0.70-10.0.3 - Authenticated Improper Access Control via Update Script Debug Panel
Nov 03, 2022
CVSS 4.3
EPSS 0.00

CVE-2022-39277 MEDIUM
GLPI 0.60-10.0.3 - Cross-Site Scripting via External Link Sanitization Bypass
Nov 03, 2022
CVSS 4.5
EPSS 0.00

CVE-2022-39323 HIGH
GLPI >=9.1 <10.0.4 - SQL Injection via REST API User Token
Nov 03, 2022
CVSS 7.4
EPSS 0.00

CVE-2022-39276 LOW
GLPI < 10.0.4 - Server-Side Request Forgery via RSS Feed or External Calendar Redirect
Nov 03, 2022
CVSS 3.5
EPSS 0.00

CVE-2022-39262 MEDIUM
GLPI >=0.65 <10.0.4 - Stored Cross-Site Scripting in Login Page Rich-Text Content
Nov 03, 2022
CVSS 5.2
EPSS 0.00