VYPR
Unrated severity · OSV Advisory · Published Dec 16, 2025 · Updated Dec 16, 2025

GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

CVE-2025-59935

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

Affected products

2
  • Glpi Project/Glpi · OSV · 2 versions
    10.0.0, 10.0.1, 10.0.10, …+ 1 more
    • (no CPE) range: 10.0.0, 10.0.1, 10.0.10, …
    • (no CPE) range: >=10.0.0, <10.0.21
