GLPI Reflected XSS Vulnerability (CVE-2024-45610)

2024-11-20

Platform: GLPI

Version: All versions before 10.0.17

Vulnerability: Reflected Cross-Site Scripting (XSS)

Severity: Pending analysis by NIST

Date: November 15, 2024

What Undercode Says:

This blog post details a reflected XSS vulnerability (CVE-2024-45610) found in GLPI, an open-source IT management application. An unauthenticated attacker can exploit this vulnerability by sending a malicious link to a GLPI technician through the Cable form. If the technician clicks the link, it could inject malicious scripts into the technician's web browser, potentially compromising their session or stealing data.

Recommendations:

Upgrade GLPI to version 10.0.17 or later.

Be cautious about clicking links received from untrusted sources, even if they appear to be from colleagues.

Additional Notes:

The severity of this vulnerability is currently under analysis by NIST.

This vulnerability was identified on November 15, 2024.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
