CVE-2022-39277

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-39277

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39277.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39277

Aliases

GHSA-rhcw-8r7g-8pwc

Downstream

UBUNTU-CVE-2022-39277

Published

2022-11-03T00:00:00Z

Modified

2026-04-10T04:50:20.238010Z

Severity

4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Cross-Site Scripting (XSS) in external links in GLPI

Details

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39277.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79",
        "CWE-80"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

b7d568424cbb73367a167b3bfb1512086053e635

Fixed

7a9752f4d66351268cb25908f2bb2b94fbc0608c

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39277.json"