Unrated severity · NVD Advisory · Published Feb 25, 2025 · Updated Feb 25, 2025
GLPI Cross-site Scripting vulnerability
CVE-2025-21627
Description
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue.
Affected products
- Range: < 10.0.18
Patches
No patches discovered yet.
References
- github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2 (mitre, x_refsource_CONFIRM)