Description
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/releases/tag/9.4.3
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
Exploit, Third Party Advisory x_refsource_misc
https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_stored_XSS.pdf
Scores
CVSS v3: 6.1
EPSS: 0.0033
EPSS Percentile: 55.8%
Attack Vector: NETWORK
CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): glpi-project/glpi, 9.1 - 9.4.3
Published: Jul 04, 2019
Tracked Since: Feb 18, 2026