What the vulnerability does
01Description
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
CVSS base score
—
Key dates
02Disclosure timeline
May 26, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-5279 Qiwen Netdisk File Rename cross site scripting
CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui
CVE-2025-5237 Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
CVE-2026-48221 Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter
CVE-2024-13023 PHPGurukul Maid Hiring Management System Search Maid Page search-maid.php cross site scripting
