CVE-2020-11062 MEDIUM

CVE-2020-11062: Reflexive XSS in GLPI

Vendor Glpi

Product GLPI

Weakness CWE-79 · XSS

Published May 12, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.

Key dates

02Disclosure timeline

May 12, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-11062 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-51612 WordPress Reftagger Shortcode plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-23998 WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-6815 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-20150 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection