FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- stored XSS

Affected packages
glpi < 9.4.3

Details

VuXML ID d222241d-91cc-11ea-82b8-4c72b94353b5
Discovery 2019-02-25
Entry 2020-05-09

MITRE Corporation reports:

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.

References

CVE Name CVE-2019-13239
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239
URL https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
URL https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_stored_XSS.pdf