PT-2026-22838 · WordPress+1 · Glpi Inventory Plugin+1
Troubledconqueror
·
Published
2026-03-03
·
Updated
2026-03-20
·
CVE-2026-25590
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GLPI Inventory Plugin versions prior to 1.6.6
Description
The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. A reflected cross-site scripting (XSS) issue exists in task jobs. The vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. The issue is present in versions before 1.6.6.
Recommendations
Update to GLPI Inventory Plugin version 1.6.6 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Glpi Inventory Plugin
Red Os