XSS in Glpi-project Glpi

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (23.2th percentile) — read the EPSS interpretation.

Affected products

Glpi-project Glpi — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

help@fluidattacks.com (third-party-advisory)
help@fluidattacks.com (product)
help@fluidattacks.com (vendor-advisory)
help@fluidattacks.com (patch)