CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

EPSS
Percentile: 23.5%

GLPI is a Free Asset and IT Management Software package. Versions prior to
10.0.6 are subject to Cross-Site Scripting (XSS) via malicious RSS feeds. An
Administrator can import a malicious RSS feed that contains XSS payloads
inside RSS links. A victim who views the RSS content and clicks on the link
will execute the JavaScript. This issue is patched in 10.0.6.
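
A pre-import check for the issue described above, as an added example that is not GLPI's code or its 10.0.6 patch: it parses an RSS 2.0 feed and reports every item link whose scheme is not `http` or `https`. The allow-list policy, the function names and the sample feed are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted feeds in production, prefer defusedxml

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy: feed links must be absolute web URLs
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

# Constructed sample feed (not taken from the advisory).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Constructed feed</title>
  <link>https://feeds.example/</link>
  <item><title>Release notes</title><link>https://feeds.example/notes</link></item>
  <item><title>Script link</title><link> JaVa&#9;Script:void(0)</link></item>
  <item><title>Data link</title><link>data:text/html,placeholder</link></item>
  <item><title>Relative</title><link>/local/path</link></item>
</channel></rss>"""


def link_scheme(url):
    """Return the lower-cased scheme as a browser would parse it, or '' if none."""
    # Browsers trim leading/trailing C0 controls and spaces, and drop tab/CR/LF
    # anywhere in the URL, so normalise the same way before inspecting the scheme.
    cleaned = url.strip(C0_AND_SPACE).translate({9: None, 10: None, 13: None})
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else ""


def audit_feed(xml_text):
    """Return (title, link, scheme) for each <item> link outside the allow-list."""
    root = ET.fromstring(xml_text)
    findings = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="")
        scheme = link_scheme(link)
        if scheme not in ALLOWED_SCHEMES:
            # Relative links are reported too: a feed link should be absolute.
            findings.append((title, link, scheme or "(none)"))
    return findings


if __name__ == "__main__":
    for title, link, scheme in audit_feed(SAMPLE_FEED):
        print(f"REJECT {title!r}: scheme={scheme} link={link!r}")
```

The same scheme check belongs on the rendering side as well, so that links already stored from an earlier import are not emitted into an `href` unchecked.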