CVE-2024-45610

GLPI has a reflected XSS in ajax/cable.php

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17.

INFO

Published Date :

2024-11-15T20:14:33.893Z

Last Modified :

2024-11-15T21:10:37.523Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-45610 vulnerability.

Vendors	Products
Glpi-project	Glpi

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45610.

URL	Resource
https://github.com/glpi-project/glpi/security/advisories/GHSA-vvr8-chwj-9m4c

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact