PT-2026-22838 · WordPress+1 · Glpi Inventory Plugin+1

Troubledconqueror

Publicado

2026-03-03

Atualizado

2026-03-20

CVE-2026-25590

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions prior to 1.6.6

Description The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. A reflected cross-site scripting (XSS) issue exists in task jobs. The vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. The issue is present in versions before 1.6.6.

Recommendations Update to GLPI Inventory Plugin version 1.6.6 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2026-05701

CVE-2026-25590

GHSA-54X7-6FHX-3WMW

Produtos afetados

Glpi Inventory Plugin

Red Os

PT-2026-22838 · WordPress+1 · Glpi Inventory Plugin+1

CVE-2026-25590

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12