UNKNOWN
CVE-2026-25932
GLPI has Stored XSS in Supplier 'Website' field
Platform
php
Component
glpi
Fixed in
10.0.24
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24.
How to fix
Upgrade GLPI to version 10.0.24 or later to mitigate the XSS vulnerability. This update fixes the issue by correctly validating user input in the supplier 'Website' field, preventing the execution of malicious code.