CNNVD-202512-2806 Information

CNNVD ID

CNNVD-202512-2806

CVE-2025-59935

  • CNNVD Published: 2025-12-16

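Description (translated from Chinese)

GLPI is open-source IT and asset management software from the GLPI project. The software provides a full-featured IT resource management interface that you can use to build a database for comprehensively managing IT computers, monitors, servers, printers, network devices, telephones, and even toner and ink cartridges. GLPI versions before 10.0.21 contain a cross-site scripting vulnerability, which stems from the fact that an unauthenticated user can store an XSS payload through the inventory endpoint, potentially leading to cross-site scripting attacks.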

Description (English)

GLPI is an open-source IT and asset management application maintained by the GLPI project. It provides a complete IT resource management interface, which you can use to create a database that manages computers, monitors, servers, printers, network equipment, telephones, and even toner and ink cartridges. Versions of GLPI prior to 10.0.21 have a stored cross-site scripting (XSS) vulnerability: an unauthenticated user can store an XSS payload through the inventory endpoint, which may result in cross-site scripting attacks.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

GLPI

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx

Patch

https://www.glpi-project.org/en/
