Description
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking, and software auditing. In GLPI versions from 9.5.0 up to, but not including, 9.5.4, there is a cross-site scripting (XSS) injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
Scores
CVSS v3
6.8
EPSS
0.0021
EPSS Percentile
42.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (1)
glpi-project/glpi
9.5.0 - 9.5.4
Published
Mar 02, 2021
Tracked Since
Feb 18, 2026