CVE-2023-28639

CVSS V2 None CVSS V3 None
Description
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.
Overview
  • CVE ID
  • CVE-2023-28639
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-05T18:15:08
  • Last Modified Date
  • 2023-04-12T17:03:39
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* 1 OR 0.85 9.5.13
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* 1 OR 10.0.0 10.0.7
History
Created Old Value New Value Data Type Notes
2023-04-17 04:12:35 Added to TrackCVE
2023-04-17 04:12:37 Weakness Enumeration new