3 matches found
CVE-2026-25932
GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
supplier.buncombecounty.org XSS vulnerability
Vulnerable URL: https://supplier.buncombecounty.org/sso/SSOServlet?locale=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown ...