← back
CVE-2021-21258

XSS injection in ajax/kanban

CVSS 6.8 MEDIUMEPSS 0.7%CWE-79
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Affected products
glpi-project · glpi

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx