CVE-2026-25590
MEDIUMglpi_inventory < 1.6.6 - Reflected Cross-Site Scripting in Task Jobs
Title source: llmDescription
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-54x7-6fhx-3wmw
Scores
CVSS v3
4.5
EPSS
0.0004
EPSS Percentile
12.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
glpi-project/glpi_inventory
< 1.6.6
Published
Mar 03, 2026
Tracked Since
Mar 04, 2026