Glpi Inventory

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-25590 MEDIUM This Month

GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.

XSS Glpi Inventory

NVD GitHub

CVSS 3.1

4.5

EPSS

0.0%

CVE-2026-25590

EPSS 0% CVSS 4.5

MEDIUM This Month

GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.

XSS Glpi Inventory

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy