CVE-2026-25590

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25590

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25590.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25590

Aliases

GHSA-54x7-6fhx-3wmw

Published

2026-03-03T22:14:01.596Z

Modified

2026-04-10T05:40:38.782150Z

Severity

4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

GLPI Inventory Plugin has Reflected XSS in task jobs

Details

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25590.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/glpi-project/glpi-inventory-plugin

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi-inventory-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b0c5d82629e3b47993003fe499e279802bcfdb66

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.0

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.0-beta1

1.6.0-beta2

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25590.json"