Exposure of GLPI

CRM, Web frameworks

51

exposure score

131

sites use

0

exploited

8

critical

CVEs

163 results

CVE-2022-24876MEDIUMStored cross site scrpting in GLPI's KanbanEPSS 0.5%CVE-2023-28633LOWGLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feedsEPSS 0.5%CVE-2023-35939HIGHGLPI vulnerable to unauthorized access to Dashboard dataEPSS 0.5%CVE-2022-39376LOWImproper input validation on emails links in GLPIEPSS 0.5%CVE-2024-11955MEDIUMGLPI index.php redirectEPSS 0.5%CVE-2023-34107MEDIUMGLPI vulnerable to unauthorized access to KnowbaseItem dataEPSS 0.5%CVE-2023-34106MEDIUMGLPI vulnerable to unauthorized access to User dataEPSS 0.5%CVE-2024-47760HIGHGLPI vulnerable to account takeover via APIEPSS 0.5%CVE-2023-34244MEDIUMGLPI vulnerable to reflected XSS in search pagesEPSS 0.4%CVE-2022-39371HIGHStored Cross-Site Scripting (XSS) through asset inventory in GLPIEPSS 0.4%CVE-2022-39373MEDIUMStored Cross-Site Scripting (XSS) in entity name in GLPIEPSS 0.4%CVE-2022-36112LOWBlind Server-Side Request Forgery (SSRF) in GLPIEPSS 0.4%CVE-2025-66417HIGHGLPI has an unauthenticated SQL injection through the inventory endpointEPSS 0.4%CVE-2024-47758HIGHGLPI vulnerable to account takeover without privilege escalation through the APIEPSS 0.4%CVE-2022-39370MEDIUMImproper access to debug panel in GLPIEPSS 0.4%CVE-2025-23046MEDIUMGLPI vulnerable to unauthorized authentication by email using the OAuthIMAP pluginEPSS 0.4%CVE-2026-5385HIGHGLPI 11.0.0 - Stored XSS in knowledge baseEPSS 0.4%CVE-2024-47759MEDIUMGLPI has a stored XSS via document uploadEPSS 0.4%CVE-2024-48912HIGHGLPI vulnerable to authenticated insecure account deletionEPSS 0.4%CVE-2023-41888MEDIUMPhishing through a login page malicious URL in GLPIEPSS 0.4%

← previouspage 6 / 9next →

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →