glpi-project
218 tracked vulnerabilities.
CVE-2022-39373
MEDIUM
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Entity Name
Nov 03, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-39372
LOW
GLPI 0.70-10.0.3 - Authenticated Stored Cross-Site Scripting in Account Information
Nov 03, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-39371
HIGH
GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Assets Inventory Information
Nov 03, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-39370
MEDIUM
GLPI 0.70-10.0.3 - Authenticated Improper Access Control via Update Script Debug Panel
Nov 03, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39277
MEDIUM
GLPI 0.60-10.0.3 - Cross-Site Scripting via External Link Sanitization Bypass
Nov 03, 2022
CVSS 4.5
EPSS 0.01
CVE-2022-39323
HIGH
GLPI >=9.1 <10.0.4 - SQL Injection via REST API User Token
Nov 03, 2022
CVSS 7.4
EPSS 0.34
CVE-2022-39276
LOW
GLPI < 10.0.4 - Server-Side Request Forgery via RSS Feed or External Calendar Redirect
Nov 03, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-39262
MEDIUM
GLPI >=0.65 <10.0.4 - Stored Cross-Site Scripting in Login Page Rich-Text Content
Nov 03, 2022
CVSS 5.2
EPSS 0.01
CVE-2022-39234
MEDIUM
GLPI < 10.0.4 - Insufficient Session Expiration
Nov 03, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-35914
CRITICAL
KEVNUCLEI
GLPI htmLawed php command injection
Sep 19, 2022
CVSS 9.8
EPSS 1.00
CVE-2022-36112
LOW
GLPI < 10.0.3 - Server-Side Request Forgery via RSS Feed or External Calendar
Sep 14, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-35947
CRITICAL
GLPI < 10.0.3 - SQL Injection via External Token Login Simulation
Sep 14, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-35946
MEDIUM
GLPI < 10.0.3 - Authenticated SQL Injection via Plugin Controller
Sep 14, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-35945
MEDIUM
GLPI < 10.0.3 - Stored Cross-Site Scripting in Registration Key Configuration Page
Sep 14, 2022
CVSS 6.3
EPSS 0.01
CVE-2022-31187
MEDIUM
GLPI < 10.0.3 - Cross-Site Scripting in Global Search
Sep 14, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-31143
MEDIUM
GLPI < 10.0.3 - Exposure of Sensitive Information via Setup Configuration
Sep 14, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31068
MEDIUM
GLPI 10.0.0-10.0.1 - Unauthenticated Exposure of Sensitive Information via Native Inventory
Jun 28, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31061
CRITICAL
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
Jun 28, 2022
CVSS 9.8
EPSS 0.51
CVE-2022-31056
CRITICAL
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
Jun 28, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-31082
MEDIUM
glpi-inventory-plugin < 1.0.2 - SQL Injection via Package Deployment Tasks
Jun 27, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-31062
MEDIUM
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
Jun 20, 2022
CVSS 5.3
EPSS 0.06
CVE-2022-29250
HIGH
GLPI < 10.0.1 - Authenticated SQL Injection on Search Pages
Jun 09, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24876
MEDIUM
GLPI - Stored Cross-Site Scripting via Kanban User Name
Jun 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24869
MEDIUM
GLPI < 10.0.0 - Cross-Site Scripting via Ticket Followups or Login Message Stylesheet Link
Apr 21, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-24868
HIGH
GLPI < 10.0.0 - Stored Cross-Site Scripting via SVG Avatar Upload
Apr 21, 2022
CVSS 7.3
EPSS 0.01