Glpi 11
Monthly
Stored cross-site scripting in the Tag plugin for GLPI 11 (versions before 2.14.4) allows an authenticated user holding TAG MANAGEMENT create/update rights to persist an HTML/JavaScript payload in a tag name, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to. The flaw stems from PluginTagTag::preKanbanContent() rendering the unsanitized tag name into badge markup without output escaping. No public exploit identified at time of analysis; the issue was reported by VulnCheck and a vendor patch (2.14.4) is available.
Stored cross-site scripting in the Tag plugin for GLPI 11 (versions before 2.14.4) allows an authenticated user holding TAG MANAGEMENT create/update rights to persist an HTML/JavaScript payload in a tag name, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to. The flaw stems from PluginTagTag::preKanbanContent() rendering the unsanitized tag name into badge markup without output escaping. No public exploit identified at time of analysis; the issue was reported by VulnCheck and a vendor patch (2.14.4) is available.