2024-11-20
Platform: GLPI
Version: All versions before 10.0.17
Vulnerability: Reflected Cross-Site Scripting (XSS)
Severity: Pending analysis by NIST
Date: November 15, 2024
What Undercode Says:
This blog post details a reflected XSS vulnerability (CVE-2024-45610) found in GLPI, an open-source IT management application. An unauthenticated attacker can exploit it by sending a malicious link to a GLPI technician through the Cable form. If the technician clicks the link, malicious scripts can be injected into their web browser, potentially compromising their session or stealing data.
Recommendations:
Upgrade GLPI to version 10.0.17 or later.
Be cautious about clicking links received from untrusted sources, even if they appear to come from colleagues.
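To act on the upgrade recommendation across several instances, the sketch below flags every GLPI version string that falls before 10.0.17. It is an added example, not code from the advisory or from the GLPI project; the hostnames, the inventory format, and the choice to send suffixed builds of 10.0.17 to manual review are assumptions.

```python
import re

# First fixed release, taken from the advisory ("All versions before 10.0.17").
FIXED = (10, 0, 17)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def classify(version):
    """Return 'affected', 'fixed' or 'review' for one GLPI version string."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        return "review"  # unparseable: needs a human to look
    major, minor, patch, suffix = match.groups()
    numbers = (int(major), int(minor), int(patch or 0))
    # Compare as integer tuples. Comparing the raw strings would rank
    # "10.0.9" above "10.0.17" and report a vulnerable host as patched.
    if numbers < FIXED:
        return "affected"
    if numbers == FIXED and suffix:
        # Assumption: a suffixed build of the fixed version (for example
        # a release candidate) is checked by hand rather than trusted.
        return "review"
    return "fixed"


def triage(inventory):
    """Map each host in a {host: version} inventory to its status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "glpi-prod.example.internal": "10.0.9",
    "glpi-test.example.internal": "10.0.17",
    "glpi-legacy.example.internal": "9.5.13",
    "glpi-dr.example.internal": "10.0.17-rc1",
    "glpi-lab.example.internal": "unknown",
    "glpi-new.example.internal": "v10.0.18",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:8}  {host}  ({SAMPLE_INVENTORY[host]})")
```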
Additional Notes:
The severity of this vulnerability is currently under analysis by NIST.
This vulnerability was identified on November 15, 2024.
References:
Reported By: Nvd.nist.gov