Skip to main content

Glpi Inventory

3 CVEs product

Monthly

CVE-2026-25590 MEDIUM This Month

GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.

XSS Glpi Inventory
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2022-31082 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi Inventory
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31062 MEDIUM POC This Month

### Impact A plugin public script can be used to read content of system files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Glpi Inventory
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
5.6%
EPSS 0% CVSS 4.5
MEDIUM This Month

GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.

XSS Glpi Inventory
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi Inventory
NVD GitHub
EPSS 6% CVSS 5.3
MEDIUM POC This Month

### Impact A plugin public script can be used to read content of system files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Glpi Inventory
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy