CVE-2024-45609 Information

Description

GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages. Upgrade to 10.0.17.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-3j2f-3j4v-hppr