Home > Vulnerability Database > WS-2022-0367

Mend.io Vulnerability Database

WS-2022-0367

Date: October 27, 2022

Stored XSS - XSS in RSS link in glpi-project/glpi. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. The administrator can then make the RSS feed available to all users of the software. Victims who wish to visit an RSS content will execute the Javascript code in a new tab.

Language: PHP

Severity Score

4.8

Related Resources (2)

Url: https://github.com/glpi-project/glpi/commit/071c4eacb6476f8a2a41e07df595fdfd1d62a3f7

Url: https://www.mend.io/vulnerability-database/WS-2022-0367

Severity Score

4.8

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0367

Date: October 27, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?