CVE-2023-22724

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-22724

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22724.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22724

Aliases

GHSA-x9g4-j85w-cmff

Downstream

UBUNTU-CVE-2023-22724

Published

2023-01-25T05:55:10.180Z

Modified

2026-03-14T11:58:28.132877Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Summary

glpi contains XSS in RSS Description Link

Details

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. This issue is patched in 10.0.6.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22724.json"
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

815997021a5df4feb7077a12f6f52769e9bd3459

Fixed

e2d0f893191952f35c6b1a6013418308e3e1dbc2

Affected versions

10.*

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.0.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22724.json"