Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-09EEF008-3B16-11EB-AF2A-080027DBE4B7 (CVE-2020-15177): glpi -- Unauthenticated Stored XSS

Back to Search

FreeBSD: VID-09EEF008-3B16-11EB-AF2A-080027DBE4B7 (CVE-2020-15177): glpi -- Unauthenticated Stored XSS

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
06/25/2020
Created
12/14/2020
Added
12/12/2020
Modified
12/12/2020

Description

In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.

Solution(s)

  • freebsd-upgrade-package-glpi

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;