CVE-2021-21312 Information

Description

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4 there is a vulnerability within the document upload function (Home > Management > Documents > Add or /front/document.form.php endpoint) indeed one of the form field: \Web Link\ is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: \ accesskey=�\ onclick=lert(1)\ x=\ the content will be saved within the database without any control. And then once you return to the summary documents page by clicking on the \Web Link\ of the newly created file it will create a new empty tab but on the initial tab the pop-up \1\ will appear.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2 https://github.com/glpi-project/glpi/releases/tag/9.5.4

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.8