Detections
Analytics
FreeBSD : glpi -- multiple related stored XSS vulnerabilities (27a230a2-3b11-11eb-af2a-080027dbe4b7)
medium Nessus Plugin ID 144182
Synopsis
The remote FreeBSD host is missing a security-related update.Description
MITRE Corporation reports :In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content 'alert(1)' reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `' onmouseover='alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the 'last update' field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.
Solution
Update the affected package.See Also
http://www.nessus.org/u?f763be83
http://www.nessus.org/u?b66a378c
Plugin Details
Severity: Medium
ID: 144182
File Name: freebsd_pkg_27a230a23b1111ebaf2a080027dbe4b7.nasl
Version: 1.3
Type: local
Family: FreeBSD Local Security Checks
Published: 12/14/2020
Updated: 2/2/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.7
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2020-11036
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:glpi, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/30/2020
Vulnerability Publication Date: 3/30/2020
Reference Information
CVE: CVE-2020-11036