VDB

GCVE-110-MAGEIA-2018-272

GCVE-110-MAGEIA-2018-272
Advisory Published
Vulnetix · Advisory published June 5, 2018
Updated glpi package fixes security vulnerability: An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes (CVE-2018-7563).

Affected Products

VendorProductVersionsPlatforms
Mageiaglpi9.1.6-2.1.mga6 (unaffected), 0 (affected)

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›