CVE-2026-5385

Published: Jun 2, 2026

Modified: Jun 3, 2026

PUBLISHED

Description

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.

Vendor	Product	Versions
glpi-project	glpi	affected `0 - < 11.0.7`

Weaknesses (CWE)

CWE-79

References

https://fluidattacks.com/es/advisories/bizkit

third-party-advisory

https://github.com/glpi-project/glpi

product

https://github.com/glpi-project/glpi/security/advisories/GHSA-2fg5-jg72-h338

vendor-advisory

https://github.com/glpi-project/glpi/releases/tag/11.0.7

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5385

Description

Affected Products

Weaknesses (CWE)

References