CVE-2022-31187

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31187

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31187.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31187

Aliases

GHSA-43j5-xhvj-9236

Downstream

UBUNTU-CVE-2022-31187

Published

2022-09-14T18:00:15Z

Modified

2025-10-22T18:31:57.575043Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H CVSS Calculator

Summary

Stored Cross Site Scripting (XSS) through global search in GLPI

Details

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

815997021a5df4feb7077a12f6f52769e9bd3459

Fixed

5db9ca9f678989560bcc7b46d4a89c241f25af01

Affected versions

10.*

10.0.0

10.0.1

10.0.2