Vulnerability Description
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | >= 9.5.0, < 9.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c88PatchThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmxThird Party Advisory
- https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c88PatchThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmxThird Party Advisory
FAQ
What is CVE-2021-21258?
CVE-2021-21258 is a vulnerability with a CVSS score of 6.8 (MEDIUM). GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, ...
How severe is CVE-2021-21258?
CVE-2021-21258 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21258?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.