CVE-2022-39262

MEDIUM Year: 2022
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-83
View all →

Vulnerability Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.

Related Vulnerabilities

CVE-2020-14525

LOW
CVSS:3.5(Low)

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage ...

CWE-832020

CVE-2023-30958

MEDIUM
CVSS:6.1(Medium)

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundr...

CWE-832023

CVE-2023-32070

MEDIUM
CVSS:6.1(Medium)

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attrib...

CWE-832023

CVE-2024-9103

MEDIUM
CVSS:6.1(Medium)

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

CWE-832024

CVE-2023-37908

CRITICAL
CVSS:9.6(Critical)

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, all...

CWE-832023

CVE-2024-26283

HIGH
CVSS:7.8(High)

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < ...

CWE-832024