glpi-project

210 tracked vulnerabilities.

CVE-2021-39209 HIGH
GLPI < 9.5.6 - Cross-Site Request Forgery Protection Bypass
Sep 15, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-3486 MEDIUM
GLPI 9.5.4 - Stored Cross-Site Scripting via Metadata Injection
May 26, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30144 MEDIUM
GLPI Dashboard < 1.0.2 - Auth Bypass
Apr 06, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21327 MEDIUM
GLPI < 9.5.4 - Unauthenticated Unsafe Reflection via Class Instantiation
Mar 08, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-21326 HIGH
GLPI < 9.5.4 - Unauthenticated Ticket Creation via Self-Service Interface
Mar 08, 2021
CVSS 7.7
EPSS 0.00
CVE-2021-21325 MEDIUM
GLPI < 9.5.4 - Authenticated Stored Cross-Site Scripting via Budget Type Input
Mar 08, 2021
CVSS 6.2
EPSS 0.01
CVE-2021-21324 MEDIUM
GLPI < 9.5.4 - Authenticated Insecure Direct Object Reference via Knowbase Search Form
Mar 08, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-21314 MEDIUM
GLPI < 9.5.4 - Authenticated Stored Cross-Site Scripting in Ticket Update
Mar 03, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-21313 MEDIUM
GLPI < 9.5.4 - Cross-Site Scripting via _target Parameter in common.tabs.php
Mar 03, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-21312 MEDIUM
GLPI < 9.5.4 - Stored Cross-Site Scripting via Document Web Link Field
Mar 03, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-21258 MEDIUM
GLPI 9.5.0-9.5.4 - Cross-Site Scripting via ajax/kanban.php
Mar 02, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-21255 MEDIUM
GLPI 9.5.3 - Missing Authorization via Entity Switch IDOR
Mar 02, 2021
CVSS 5.8
EPSS 0.00
CVE-2020-27663 MEDIUM
GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/getDropdownValue.php
Nov 26, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-27662 MEDIUM
GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/comments.php
Nov 26, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-26212 HIGH
GLPI < 9.5.3 - Authenticated Unauthorized Planning Access via CalDAV
Nov 25, 2020
CVSS 7.7
EPSS 0.00
CVE-2020-15226 MEDIUM
GLPI < 9.5.2 - Authenticated SQL Injection via API Search Function
Oct 07, 2020
CVSS 5.0
EPSS 0.00
CVE-2020-15217 MEDIUM
GLPI 9.5.0-9.5.2 - Unauthenticated User Information Leakage via Public FAQ
Oct 07, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-15177 HIGH
GLPI < 9.5.2 - Unauthenticated Stored Cross-Site Scripting and Insecure Redirection via url_base Parameter
Oct 07, 2020
CVSS 8.0
EPSS 0.00
CVE-2020-15176 HIGH
GLPI < 9.5.2 - SQL Injection via Backtick Input
Oct 07, 2020
CVSS 8.7
EPSS 0.00
CVE-2020-15175 HIGH
GLPI < 9.5.2 - Unauthenticated Arbitrary File Deletion and Information Disclosure via pluginimage.send.php
Oct 07, 2020
CVSS 7.4
EPSS 0.37
CVE-2020-11031 HIGH
GLPI < 9.5.0 - Use of a Broken or Risky Cryptographic Algorithm
Sep 23, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-15108 HIGH
GLPI < 9.5.1 - SQL Injection via Clone Feature
Jul 17, 2020
CVSS 7.1
EPSS 0.00
CVE-2020-11062 MEDIUM
GLPI 0.68.1-9.4.6 - Reflected Cross-Site Scripting via Dropdown Endpoints
May 12, 2020
CVSS 6.0
EPSS 0.00
CVE-2020-11060 HIGH
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
May 12, 2020
CVSS 7.4
EPSS 0.07
CVE-2020-5248 HIGH
GLPI < 9.4.6 - Use of Hard-coded Credentials via Default GLPIKEY
May 12, 2020
CVSS 7.2
EPSS 0.03