Vulnerabilities > Glpi Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-15 | CVE-2019-1010307 | Cross-site Scripting vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). | 5.4 |
2019-07-12 | CVE-2019-1010310 | Injection vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. | 3.5 |
2019-07-10 | CVE-2019-13240 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi An issue was discovered in GLPI before 9.4.1. | 5.9 |
2019-07-04 | CVE-2019-13239 | Cross-site Scripting vulnerability in Glpi-Project Glpi inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | 6.1 |
2019-03-27 | CVE-2019-10233 | Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 8.1 |
2018-07-02 | CVE-2018-13049 | SQL Injection vulnerability in Glpi-Project Glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 8.8 |
2018-03-12 | CVE-2018-7563 | Cross-site Scripting vulnerability in Glpi-Project Glpi An issue was discovered in GLPI through 9.2.1. | 6.1 |
2018-03-12 | CVE-2018-7562 | Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Glpi A remote code execution issue was discovered in GLPI through 9.2.1. | 7.5 |
2017-07-28 | CVE-2017-11184 | SQL Injection vulnerability in Glpi-Project Glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | 9.8 |
2017-07-28 | CVE-2017-11183 | Improper Input Validation vulnerability in Glpi-Project Glpi front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | 4.9 |