Vulnerabilities > Glpi Project > Glpi > 0.83.31

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-11062 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. 		3.5
3.5
2020-05-12 CVE-2020-11060 Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
network
low complexity
glpi-project CWE-352
critical
 9.0
9.0
2020-05-12 CVE-2020-5248 Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key.
network
low complexity
glpi-project CWE-798
5.0
5.0
2020-05-05 CVE-2020-11036 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities.
network
low complexity
glpi-project CWE-79
5.4
5.4
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
 9.3
9.3
2020-05-05 CVE-2020-11034 Open Redirect vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp.
network
low complexity
glpi-project CWE-601
6.1
6.1
2019-09-25 CVE-2019-14666 Information Exposure vulnerability in Glpi-Project Glpi
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature.
network
low complexity
glpi-project CWE-200
6.5
6.5
2019-07-10 CVE-2019-13240 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi
An issue was discovered in GLPI before 9.4.1. 		4.3
4.3
2019-03-27 CVE-2019-10233 Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. 		6.8
6.8
2018-03-12 CVE-2018-7563 Cross-site Scripting vulnerability in Glpi-Project Glpi
An issue was discovered in GLPI through 9.2.1. 		4.3
4.3