cvedb.io
CVE-2024-47759
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2024-11-15T18:15:28.463 · Last modified 2026-06-17T07:57:42.180

Summary

GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.

Affected products

glpi-project — glpi

Does this affect you?

Add your gear to cvedb and we'll alert you only when glpi-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.