XSS in Glpi-project Glpi

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (13.6th percentile)
