2 matches found
CVE-2025-27514 GLPI is susceptible to Stored XSS attack through project's kanban
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.1...
CVE-2022-39398 InfotelGLPI vulnerable to Cross-site Scripting
tasklists is a tasklists plugin for GLPI Kanban. Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting XSS - Create XSS in task content when add it. This issue is patched in version 2.0.3. There are no known workarounds...