CVE-2026-40108
GLPI Vulnerable to Stored XSS in ITIL Costs
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7.
| CWE | CWE-79 |
| Vendor | glpi-project |
| Product | glpi |
| Published | Jun 2, 2026 |
| Last Updated | Jun 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for glpi-project glpi
Be the first to know when new unknown vulnerabilities affecting glpi-project glpi are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
glpi-project / glpi
>= 11.0.0, < 11.0.7