We found results for “”
WS-2022-0367
Good to know:
Date: October 27, 2022
Stored XSS - XSS in RSS link in glpi-project/glpi. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. The administrator can then make the RSS feed available to all users of the software. Victims who wish to visit an RSS content will execute the Javascript code in a new tab.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |