Reflective Cross-Site Scripting Vulnerability in GLPI Inventory Plugin by GLPI
CVE-2025-26626

6.5MEDIUM

Key Information:

Vendor: GLPI Project
Status: Glpi-inventory-plugin
Vendor: CVE Published:; 14 March 2025

🔔 Create GLPI Project Vulnerability Alert

What is CVE-2025-26626?

The GLPI Inventory Plugin, a key component of the GLPI asset management system, has a vulnerability present in versions prior to 1.5.0. This issue allows attackers to exploit reflective cross-site scripting, potentially executing malicious JavaScript code in user sessions. The vulnerability highlights the need for updates to ensure the security of user data and interactions. Users are strongly encouraged to upgrade to version 1.5.0 to mitigate this risk.

Affected Version(s)

glpi-inventory-plugin < 1.5.0

References

https://github.com/glpi-project/glpi-inventory-plugin/sec...

x_refsource_CONFIRM

https://github.com/glpi-project/glpi-inventory-plugin/blo...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Feb 12, 2025