CVE-2012-4003
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.3
Description
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| glpi-project | glpi | {"endIncluding":"0.83.2"} | |
| glpi-project | glpi | 0.5 | |
| glpi-project | glpi | 0.6 | |
| glpi-project | glpi | 0.20 | |
| glpi-project | glpi | 0.21 | |
| glpi-project | glpi | 0.30 | |
| glpi-project | glpi | 0.31 | |
| glpi-project | glpi | 0.40 | |
| glpi-project | glpi | 0.41 | |
| glpi-project | glpi | 0.42 | |
| glpi-project | glpi | 0.51 | |
| glpi-project | glpi | 0.51a | |
| glpi-project | glpi | 0.65 | |
| glpi-project | glpi | 0.68 | |
| glpi-project | glpi | 0.68.1 | |
| glpi-project | glpi | 0.68.2 | |
| glpi-project | glpi | 0.68.3 | |
| glpi-project | glpi | 0.70 | |
| glpi-project | glpi | 0.70.1 | |
| glpi-project | glpi | 0.70.2 | |
| glpi-project | glpi | 0.71 | |
| glpi-project | glpi | 0.71.1 | |
| glpi-project | glpi | 0.71.2 | |
| glpi-project | glpi | 0.71.3 | |
| glpi-project | glpi | 0.71.4 | |
| glpi-project | glpi | 0.71.5 | |
| glpi-project | glpi | 0.71.6 | |
| glpi-project | glpi | 0.72 | |
| glpi-project | glpi | 0.72.1 | |
| glpi-project | glpi | 0.72.2 | |
| glpi-project | glpi | 0.72.3 | |
| glpi-project | glpi | 0.72.4 | |
| glpi-project | glpi | 0.78 | |
| glpi-project | glpi | 0.78.1 | |
| glpi-project | glpi | 0.78.2 | |
| glpi-project | glpi | 0.78.3 | |
| glpi-project | glpi | 0.78.4 | |
| glpi-project | glpi | 0.78.5 | |
| glpi-project | glpi | 0.80 | |
| glpi-project | glpi | 0.80.1 | |
| glpi-project | glpi | 0.80.2 | |
| glpi-project | glpi | 0.80.3 | |
| glpi-project | glpi | 0.80.4 | |
| glpi-project | glpi | 0.80.5 | |
| glpi-project | glpi | 0.80.6 | |
| glpi-project | glpi | 0.80.7 | |
| glpi-project | glpi | 0.80.61 | |
| glpi-project | glpi | 0.83 | |
| glpi-project | glpi | 0.83.1 | |
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:132
- http://www.openwall.com/lists/oss-security/2012/07/13/1
- https://forge.indepnet.net/issues/3705
- https://forge.indepnet.net/projects/glpi/versions/771
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:132
- http://www.openwall.com/lists/oss-security/2012/07/13/1
- https://forge.indepnet.net/issues/3705
- https://forge.indepnet.net/projects/glpi/versions/771
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.