CVE-2024-27914

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Mar 18, 2024

Updated: Jan 2, 2025

CWE ID 79

Summary

CVE-2024-27914 is a reflected Cross-Site Scripting (XSS) vulnerability affecting GLPI, a free IT management software. An unauthenticated attacker can exploit this flaw by supplying a malicious link to a GLPI administrator. For the attack to succeed, the administrator must navigate through the debug bar. Fortunately, this vulnerability has been mitigated in the latest version 10.0.13 of GLPI.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Glpi-project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/usGkeK
https://www.cve.org/CVERecord?id=CVE-2024-27914
https://nvd.nist.gov/vuln/detail/CVE-2024-27914

Back to Vulnerability Database

CVE-2024-27914

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations