← volver
CVE-2026-5385

GLPI 11.0.0 - Stored XSS in knowledge base

CVSS 8.4 HIGHEPSS 0.4%CWE-79
An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
glpi-project · glpi

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://fluidattacks.com/es/advisories/bizkithttps://github.com/glpi-project/glpihttps://github.com/glpi-project/glpi/releases/tag/11.0.7https://github.com/glpi-project/glpi/security/advisories/GHSA-2fg5-jg72-h338