CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4.

Low

trasher published GHSA-cw37-q82c-w546

Nov 3, 2022

**Package**

glpi (glpi)

**Affected versions**

\>= 10.0.0

**Patched versions**

10.0.4

**Description**

**Impact**

Administrator may store malicious code in entity name.

**Patches**

Upgrade to 10.0.4.

**For more information**

If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

**Severity**

Low

2.7

/ 10

**CVSS base metrics**

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

**CVE ID**

CVE-2022-39373

**Weaknesses**

CWE-79

**Credits**

*    xanhacks

Headline

CVE-2022-39373: Stored XSS in entity name

CVE: Latest News