glpi-project

218 tracked vulnerabilities.

CVE-2022-39373 MEDIUM
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Entity Name
Nov 03, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-39372 LOW
GLPI 0.70-10.0.3 - Authenticated Stored Cross-Site Scripting in Account Information
Nov 03, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-39371 HIGH
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Assets Inventory Information
Nov 03, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-39370 MEDIUM
GLPI 0.70-10.0.3 - Authenticated Improper Access Control via Update Script Debug Panel
Nov 03, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39277 MEDIUM
GLPI 0.60-10.0.3 - Cross-Site Scripting via External Link Sanitization Bypass
Nov 03, 2022
CVSS 4.5
EPSS 0.01
CVE-2022-39323 HIGH
GLPI >=9.1 <10.0.4 - SQL Injection via REST API User Token
Nov 03, 2022
CVSS 7.4
EPSS 0.34
CVE-2022-39276 LOW
GLPI < 10.0.4 - Server-Side Request Forgery via RSS Feed or External Calendar Redirect
Nov 03, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-39262 MEDIUM
GLPI >=0.65 <10.0.4 - Stored Cross-Site Scripting in Login Page Rich-Text Content
Nov 03, 2022
CVSS 5.2
EPSS 0.01
CVE-2022-39234 MEDIUM
GLPI < 10.0.4 - Insufficient Session Expiration
Nov 03, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-35914 CRITICAL KEVNUCLEI
GLPI htmLawed php command injection
Sep 19, 2022
CVSS 9.8
EPSS 1.00
CVE-2022-36112 LOW
GLPI < 10.0.3 - Server-Side Request Forgery via RSS Feed or External Calendar
Sep 14, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-35947 CRITICAL
GLPI < 10.0.3 - SQL Injection via External Token Login Simulation
Sep 14, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-35946 MEDIUM
GLPI < 10.0.3 - Authenticated SQL Injection via Plugin Controller
Sep 14, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-35945 MEDIUM
GLPI < 10.0.3 - Stored Cross-Site Scripting in Registration Key Configuration Page
Sep 14, 2022
CVSS 6.3
EPSS 0.01
CVE-2022-31187 MEDIUM
GLPI < 10.0.3 - Cross-Site Scripting in Global Search
Sep 14, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-31143 MEDIUM
GLPI < 10.0.3 - Exposure of Sensitive Information via Setup Configuration
Sep 14, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31068 MEDIUM
GLPI 10.0.0-10.0.1 - Unauthenticated Exposure of Sensitive Information via Native Inventory
Jun 28, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31061 CRITICAL
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
Jun 28, 2022
CVSS 9.8
EPSS 0.51
CVE-2022-31056 CRITICAL
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
Jun 28, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-31082 MEDIUM
glpi-inventory-plugin < 1.0.2 - SQL Injection via Package Deployment Tasks
Jun 27, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-31062 MEDIUM
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
Jun 20, 2022
CVSS 5.3
EPSS 0.06
CVE-2022-29250 HIGH
GLPI < 10.0.1 - Authenticated SQL Injection on Search Pages
Jun 09, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24876 MEDIUM
GLPI - Stored Cross-Site Scripting via Kanban User Name
Jun 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24869 MEDIUM
GLPI < 10.0.0 - Cross-Site Scripting via Ticket Followups or Login Message Stylesheet Link
Apr 21, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-24868 HIGH
GLPI < 10.0.0 - Stored Cross-Site Scripting via SVG Avatar Upload
Apr 21, 2022
CVSS 7.3
EPSS 0.01