GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-05T00:00:00

Updated: 2024-08-02T13:43:23.641Z

Reserved: 2023-03-20T00:00:00

Link: CVE-2023-28639

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-04-05T18:15:08.310

Modified: 2023-04-12T17:03:39.217

Link: CVE-2023-28639

cve-icon Redhat

No data.