cvedb.io
CVE-2023-22725
MEDIUM · CVSS 6.2
EPSS exploitation probability: 0%
Published 2023-01-26T21:18:12.960 · Last modified 2026-06-17T05:36:02.420

Summary

GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6.

Affected products

glpi-project — glpi

Does this affect you?

Add your gear to cvedb and we'll alert you only when glpi-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.