mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-12-16 10:44:41 +00:00
101 lines
3.2 KiB
JSON
101 lines
3.2 KiB
JSON
{
|
|
"id": "CVE-2025-21627",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2025-02-25T16:15:37.863",
|
|
"lastModified": "2025-03-04T13:49:18.880",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. En versiones anteriores a la 10.0.18, se puede crear un enlace malicioso para realizar un ataque XSS reflejado en la p\u00e1gina de b\u00fasqueda. Si est\u00e1 habilitada la creaci\u00f3n de tickets an\u00f3nimos, un usuario no autenticado puede realizar este ataque. La versi\u00f3n 10.0.18 contiene una soluci\u00f3n para este problema."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "10.0.18",
|
|
"matchCriteriaId": "233C795E-1AEA-4457-8A7A-22C9C152DCF2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2",
|
|
"source": "security-advisories@github.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |