XSS on external links in glpi-project/glpi
Nov 29th 2022
This vulnerability allows an administrator to create a malicious external link whose stored value is rendered unescaped for other users.
Proof of Concept
As an admin user
Go to /front/link.form.php?id=1
Create an external link and use the payload as the value of the link
Assign this link to an item type (budgets, for example)
As a regular user
Go to /front/budget.form.php?id=1
Click on the links tab
Move the mouse over the link
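The mitigation is to validate the stored link value and escape it for the attribute context before it is rendered. The routine below is an added example written for this advisory, not GLPI's own code; the field handling, the scheme allowlist and the sample values are assumptions.

```php
<?php
// Added example, not GLPI's code: render an admin-defined external link safely.
// The link value and label are assumed to come from the stored link record.

const ALLOWED_SCHEMES = ['http', 'https', 'ftp'];

// Escape for the HTML attribute and text contexts (quotes included).
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Return the URL only if its scheme is allowlisted and it carries no
// control characters or whitespace; otherwise null. This blocks script
// URLs and values crafted to break out of the href attribute.
function validateExternalLink(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return null;
    }
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    return $url;
}

// Build the <a> element. Every dynamic value is escaped for its context,
// so a stored quote or angle bracket cannot close the attribute and add
// a new one such as an event handler fired on mouseover.
function renderExternalLink(string $url, string $label): string
{
    $safeUrl = validateExternalLink($url);
    if ($safeUrl === null) {
        // Invalid link: show the label as plain text with no anchor.
        return esc($label);
    }
    return '<a href="' . esc($safeUrl) . '" title="' . esc($label)
        . '" rel="noopener noreferrer" target="_blank">' . esc($label) . '</a>';
}

// Constructed sample values, not taken from the advisory:
echo renderExternalLink('https://example.com/docs?id=1&q="x"', 'Docs'), "\n";
echo renderExternalLink('javascript:void(0)', 'Blocked link'), "\n";
```

The first call prints an anchor with the quotes in the query string encoded; the second prints only the escaped label because the scheme is not allowlisted.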
This vulnerability could allow attackers to hijack the user's current session, steal sensitive information, deface the website or redirect users to malicious websites, and it may even be escalated into more advanced attacks (for example, creating privileged users).