Browse all 5 CVE security advisories affecting glpi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GLPI serves as an IT service management and asset tracking platform, primarily used for inventory management and helpdesk operations. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the platform's CVE history reflects ongoing challenges in secure coding practices. Users must maintain regular updates and implement proper hardening measures to mitigate risks, as unpatched instances remain attractive targets for attackers seeking to gain unauthorized access or deploy malicious payloads.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-28639 | GLPI vulnerable to reflected Cross-site Scripting in search pages — glpi (CWE-79) | 6.1 | Medium | 2023-04-05 |
| CVE-2022-39181 | GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS) — Reports plugin for GLPI (CWE-79) | 6.1 | Medium | 2022-11-17 |
| CVE-2020-11062 | Reflexive XSS in GLPI — GLPI (CWE-79) | 6.0 | Medium | 2020-05-12 |
| CVE-2019-1010307 | Teclib GLPI cross-site scripting vulnerability — GLPI Product | 5.4 | - | 2019-07-15 |
| CVE-2019-1010310 | Teclib GLPI trust management issue vulnerability — GLPI Product | 3.5 | - | 2019-07-12 |
This page lists every published CVE security advisory associated with glpi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.