CVE-2026-5385

GLPI 11.0.0 - Stored XSS in knowledge base

CVSS 8.4 HIGHEPSS 0.4%CWE-79

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

glpi-project · glpi

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://fluidattacks.com/es/advisories/bizkit https://github.com/glpi-project/glpi https://github.com/glpi-project/glpi/releases/tag/11.0.7 https://github.com/glpi-project/glpi/security/advisories/GHSA-2fg5-jg72-h338