CVE-2025-59935

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

Published Dec 17, 2025

https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx

CVSS ScoreMedium

6.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-59935

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

Published Dec 17, 2025

https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx

CVSS ScoreMedium

6.5

No packages found

Try adjusting your search terms.

Ecosystem	Package	Version

No packages found

Try adjusting your search terms.

Find vulnerabilities. Fix fast with AI.

CVE-2025-59935

CVE-2025-59935

No packages found

No packages found