CVE-2026-42321 – GLPI has stored XSS in asset locks

CVE ID :CVE-2026-42321

Published : June 3, 2026, 4:16 p.m. | 16 minutes ago

Description :GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-46272 – coresight: tmc-etr: Fix race condition between sysfs and perf mode

CVE-2026-46273 – ibmveth: Disable GSO for packets with small MSS

CVE-2026-46271 – wifi: ath12k: do WoW offloads only on primary link

CVE-2026-46270 – power: supply: rt9455: Fix use-after-free in power_supply_changed()