CNNVD-202507-3622 Information
CNNVD ID
CNNVD-202507-3622
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 9.5.0至10.0.18版本存在安全漏洞,该漏洞源于恶意负载触发存储型跨站脚本攻击。
Description (English)
GLPI is an open-source IT and asset management software for GLPI. The software provides a fully functional IT resource management interface, which you can use to create a database that fully manages IT computers, monitors, servers, printers, network equipment, telephones, even selenium drums and cartridges. There is a security loophole in versions 9.5.0 to 10.0.18, which results from a malicious load-triggered script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GLPI
Published
2025-07-29
Last Modified
2026-02-24
References
https://github.com/glpi-project/glpi/commit/c340a64a11343bde706d1cd41e4be798dd922303 https://github.com/glpi-project/glpi/security/advisories/GHSA-jh8j-gqxc-6gqj
Patch
https://github.com/glpi-project/glpi/releases
Share on: