Vulnerabilities > Glpi Project > Glpi > 9.4.0

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-14666 Information Exposure vulnerability in Glpi-Project Glpi
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature.
network
low complexity
glpi-project CWE-200
8.8
8.8
2019-07-10 CVE-2019-13240 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi
An issue was discovered in GLPI before 9.4.1.
network
high complexity
glpi-project CWE-640
5.9
5.9
2019-07-04 CVE-2019-13239 Cross-site Scripting vulnerability in Glpi-Project Glpi
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
network
low complexity
glpi-project CWE-79
6.1
6.1
2019-03-27 CVE-2019-10233 Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
network
high complexity
glpi-project CWE-203
8.1
8.1