XSS in Glpi-project Glpi

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (13.6th percentile)

Affected products

Weakness classification (CWE)

References