CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

Linux Distros Unpatched Vulnerability : CVE-2017-11474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computersoftwareversion.class.php, exploitable via ajax/common.tabs.php. CVE-2017-11474 Note...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability of the GLPI system’s request, incident, and asset inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows attackers who operate remotely to carry out attacks using cross-site scripting XSS...

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to incorrect authentication, allows a perpetrator to bypass the authentication process.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

ROS-20250403-15

Vulnerabilities in GLPI's computer hardware request, incident and inventory system are related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory allows a hacker to inject arbitrary PHP code.

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary PHP code remotely...

ROS-20250121-10

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an intruder, acting remotely, to disclose protected information...

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management, related to improper access control, allows a intruder to gain unauthorized access to the account.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the user account...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management systems lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

ROS-20250109-04

Vulnerability of the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow An attacker acting remotely could execute arbitrary SQL code...

PT-2024-37075 · Glpi · Tasklists

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4 Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected. Recommendations: For versions prior to 2.0.4, upda...

The vulnerability of the GLPI system’s request, incident, and asset inventory management, related to improper access control, allows a intruder to gain unauthorized access to the account.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the account through the API...

PT-2024-10105 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a lack of protection of the web page structure in the GLPI system, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack. Specifically, an...

The vulnerability of the GLPI system’s request, incident, and asset inventory management, related to improper session management, allows a malicious actor to gain full access to the application.

The vulnerability of the GLPI system’s request, incident, and asset inventory management is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the application by intercepting sessions...

PT-2024-8000 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: The issue is related to a lack of password recovery mechanism in the GLPI system, which can be exploited by a remote attacker to bypass existing security restrictions. An administrator with acce...

PT-2024-9895 · Glpi +1 · Fields Plugin +1

Name of the Vulnerable Software and Affected Versions: Fields plugin for GLPI versions prior to 1.21.13 Description: The issue is related to a lack of protection against SQL injection attacks in the Fields plugin for GLPI. This allows an authenticated user to perform a SQL injection when the plug...

ROS-20240812-12

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary SQL queries...

The vulnerability of the GLPI system’s handling of requests and incidents, related to the possibility of falsifying requests on the server side, allows a perpetrator to redirect users to any arbitrary URL address.

The vulnerability in the GLPI system for handling requests and incidents is related to the possibility of forged requests on the server side. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL address...

The vulnerability of the GLPI system’s request and incident handling process, related to improper elimination of input data during the generation of web pages, allows a malicious actor to create malicious external links.

The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to create a malicious external link...