FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GLPI -- multiple vulnerabilities

Affected packages
		glpi	<	10.0.13,1

Details

VuXML ID	bb49f1fa-00da-11ef-92b7-589cfc023192
Discovery	2024-03-13
Entry	2024-04-22

GLPI team reports:

GLPI 10.0.13 Changelog

[SECURITY - high] SQL Injection in through the search engine (CVE-2024-27096)

[SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)

[SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104)

[SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914)

[SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930)

[SECURITY - moderate] Users emails enumeration (CVE-2024-27937)

[source]

References

CVE Name	CVE-2024-27096
CVE Name	CVE-2024-27098
CVE Name	CVE-2024-27104
CVE Name	CVE-2024-27914
CVE Name	CVE-2024-27930
CVE Name	CVE-2024-27937
URL	https://github.com/glpi-project/glpi/releases/tag/10.0.13