Vulnerability Database

319,478

Total vulnerabilities in the database

CVE-2025-27514

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.19.

Published: Jul 29, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-27514
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.5
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-79
CWE-80

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
glpi-project / glpi	9.5.0	10.0.19

https://github.com/glpi-project/glpi/commit/c340a64a11343bde706d1cd41e4be798dd922303
https://github.com/glpi-project/glpi/security/advisories/GHSA-jh8j-gqxc-6gqj

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo