CVE-2024-27104
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Mar 18, 2024
Updated: Jan 2, 2025
CWE ID 79
Summary
CVE-2024-27104 is a vulnerability affecting GLPI, a free IT management software. A user with dashboard creation rights can exploit this issue by inserting malicious JavaScript code into a dashboard. This code will be executed when any user opens the dashboard, leading to a cross-site scripting (XSS) attack. The vulnerability has been addressed in GLPI version 10.0.13. Users are advised to update their software to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- GLPI Project
- Glpi-project GLPI
Affected Vendors
- Teclib
- Glpi-project