CVE-2025-27514 Information
Jul 30, 2025
cve
Description
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In versions 9.5.0 through 10.0.18 a technician can use a malicious payload to trigger a stored XSS on the project’s kanban. This is fixed in version 10.0.19.
Reference
https://github.com/glpi-project/glpi/commit/c340a64a11343bde706d1cd41e4be798dd922303 https://github.com/glpi-project/glpi/security/advisories/GHSA-jh8j-gqxc-6gqj
Related CNNVD
CNNVD-202507-3622 (Published: 2025-07-29)
Share on: