Lucene search
GoogleOSV:CVE-2020-15177HistoryOct 07, 2020 - 7:15 p.m.
CVE-2020-15177
2020-10-0719:15:12
Google
osv.dev
5
glpi
user input
xss
insecure redirection
security vulnerability
patch
In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.
Related
nessus
nessus
ubuntucve
ubuntucve
CVE-2020-15177
2020-10-07 00:00:00
cvelist
cvelist
CVE-2020-15177 Unauthenticated Stored XSS in GLPI
2020-10-07 19:05:14
nvd
nvd
CVE-2020-15177
2020-10-07 19:15:12
freebsd
freebsd
glpi -- Unauthenticated Stored XSS
2020-06-25 00:00:00
redhatcve
redhatcve
CVE-2020-15177
2022-05-20 22:54:11
prion
prion
Cross site scripting
2020-10-07 19:15:00
cve
cve
CVE-2020-15177
2020-10-07 19:15:12
altlinux
altlinux
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
2020-10-26 00:00:00