CVE-2022-39262 Information
Nov 04, 2022
cve
Description
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched please upgrade to version 10.0.4.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Reference
https://huntr.dev/bounties/54fc907e-6983-4c24-b249-1440aac1643c/ https://github.com/glpi-project/glpi/security/advisories/GHSA-4x48-q2wr-cpg4
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
4.8
Share on: