Home > Vulnerability Database > WS-2022-0367

Mend.io Vulnerability Database

WS-2022-0367

Good to know:

Date: October 27, 2022

Stored XSS - XSS in RSS link in glpi-project/glpi. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. The administrator can then make the RSS feed available to all users of the software. Victims who wish to visit an RSS content will execute the Javascript code in a new tab.

Language: PHP

Severity Score

4.8

Related Resources (2)

Url: https://github.com/glpi-project/glpi/commit/071c4eacb6476f8a2a41e07df595fdfd1d62a3f7

Url: https://www.mend.io/vulnerability-database/WS-2022-0367

Severity Score

4.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 10.0.4

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0367

Good to know:

Date: October 27, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?