FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-14 21:31:10 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 68958e18-ed94-11ed-9688-b42e991fc52e
Description: glpi -- multiple vulnerabilities

glpi Project reports:

Multiple vulnerabilities found and fixed in this version:

  • High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request.
  • High CVE-2023-28632: Account takeover by authenticated user.
  • High CVE-2023-28838: SQL injection through dynamic reports.
  • Moderate CVE-2023-28852: Stored XSS through dashboard administration.
  • Moderate CVE-2023-28636: Stored XSS on external links.
  • Moderate CVE-2023-28639: Reflected XSS in search pages.
  • Moderate CVE-2023-28634: Privilege Escalation from technician to super-admin.
  • Low CVE-2023-28633: Blind Server-Side Request Forgery (SSRF) in RSS feeds.

Discovery 2023-03-20
Entry 2023-05-08
Modified 2024-04-25
glpi < 10.0.7,1

CVE-2023-28849: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28849
CVE-2023-28632: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28632
CVE-2023-28838: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28838
CVE-2023-28852: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28852
CVE-2023-28636: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28636
CVE-2023-28639: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28639
CVE-2023-28634: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28634