2 matches found
CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
CVE-2026-25932
GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...