Home > Vulnerability Database > CVE-2022-31187

Mend.io Vulnerability Database

CVE-2022-31187

Good to know:

Date: September 14, 2022

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.

Language: PHP

Severity Score

5.4

Related Resources (5)

Url: https://github.com/glpi-project/glpi/security/advisories/GHSA-43j5-xhvj-9236

Url: https://github.com/glpi-project/glpi/commit/e248ed5649d267c0f61a17d99b7bd6be4074aadb

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31187

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-31187

Url: https://www.mend.io/vulnerability-database/CVE-2022-31187

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 10.0.3

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31187

Good to know:

Date: September 14, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?