Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting (XSS) on login page in GLPI
Vulnerability Description
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:L
Vulnerability Type
Web页面属性中脚本转义处理不恰当
Vulnerability Title
GLPI 跨站脚本漏洞
Vulnerability Description
GLPI是个人开发者的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 10.0.4之前版本存在跨站脚本漏洞,该漏洞源于管理员可以定义在登录页面上显示的文本内容,显示的内容可能包含可用于窃取凭据的恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A