Security Advisory

CVE-2024-27914

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-18 16:19:00
Last updated 2024-08-02 15:25:55
Assigner GitHub_M
State PUBLISHED

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.