Vulnerability Description
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | >= 9.5.0, < 9.5.13 |
Related Weaknesses (CWE)
References
- https://github.com/glpi-project/glpi/releases/tag/10.0.7PatchRelease Notes
- https://github.com/glpi-project/glpi/releases/tag/9.5.13PatchRelease Notes
- https://github.com/glpi-project/glpi/security/advisories/GHSA-65gq-p8hg-7m92Vendor Advisory
- https://github.com/glpi-project/glpi/releases/tag/10.0.7PatchRelease Notes
- https://github.com/glpi-project/glpi/releases/tag/9.5.13PatchRelease Notes
- https://github.com/glpi-project/glpi/security/advisories/GHSA-65gq-p8hg-7m92Vendor Advisory
FAQ
What is CVE-2023-28852?
CVE-2023-28852 is a vulnerability with a CVSS score of 4.8 (MEDIUM). GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to s...
How severe is CVE-2023-28852?
CVE-2023-28852 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28852?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.