← voltar
CVE-2025-26626

GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting

CVSS 6.5 MEDIUMEPSS 0.3%CWE-79
The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Produtos afetados
glpi-project · glpi-inventory-plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.0/CHANGELOG.md#150---2025-02-25https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-8p38-r7vf-j6jx