Lucene search
PRIOn knowledge basePRION:CVE-2020-15177HistoryOct 07, 2020 - 7:15 p.m.
Cross site scripting
2020-10-0719:15:00
PRIOn knowledge base
www.prio-n.com
6
In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.
Related
nessus
nessus
ubuntucve
ubuntucve
CVE-2020-15177
2020-10-07 00:00:00
nvd
nvd
CVE-2020-15177
2020-10-07 19:15:12
cvelist
cvelist
CVE-2020-15177 Unauthenticated Stored XSS in GLPI
2020-10-07 19:05:14
freebsd
freebsd
glpi -- Unauthenticated Stored XSS
2020-06-25 00:00:00
redhatcve
redhatcve
CVE-2020-15177
2022-05-20 22:54:11
osv
osv
CVE-2020-15177
2020-10-07 19:15:12
cve
cve
CVE-2020-15177
2020-10-07 19:15:12
altlinux
altlinux
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
2020-10-26 00:00:00