Most severe medium severity vulnerabilities for vendor "glpi-project"

GLPIGLPI: Plugins are disabled accessing one page

medium

6.9

First published (updated )

CVE-2025-23024

GLPICSRF

medium

6.8

First published (updated )

CVE-2012-4002

GLPISQL Injection, CSRF

medium

6.8

First published (updated )

CVE-2013-5696

GLPIInsecure Direct Object Reference (IDOR) on "Solutions"

medium

6.8

First published (updated )

CVE-2021-21324

GLPIXSS injection in ajax/kanban

medium

6.8

First published (updated )

CVE-2021-21258

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GLPIStored Cross Site Scripting (XSS) through global search in GLPI

medium

6.8

First published (updated )

CVE-2022-31187

GLPIglpi subject to Cross-site Scripting (XSS) - Reflected

medium

6.8

First published (updated )

CVE-2023-22722

GLPIGLPI has a stored XSS via document upload

medium

6.7

First published (updated )

CVE-2024-47759

GLPIGLPI reflected XSS in reports pages

medium

6.5

EPSS

0.05%

First published (updated )

CVE-2024-23645

GLPIglpi Users emails enumeration

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-27937

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GLPISensitive fields access through dropdowns in GLPI

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-27930

GLPIGLPI has multiple reflected XSS

medium

6.5

First published (updated )

CVE-2024-41678

GLPIGLPI has multiple reflected XSS

medium

6.5

First published (updated )

CVE-2024-43418

GLPIReflected XSS in Software form

medium

6.5

First published (updated )

CVE-2024-43417

GLPIGLPI has a Reflected XSS in /front/stat.graph.php

medium

6.5

First published (updated )

CVE-2024-45609

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GLPIGLPI has a reflected XSS in ajax/cable.php

medium

6.5

First published (updated )

CVE-2024-45610

GLPIGLPI vulnerable to exposure of sensitive information in the `status.php` endpoint

medium

6.5

First published (updated )

CVE-2025-21626

GLPIGLPI Cross-site Scripting vulnerability

medium

6.5

First published (updated )

CVE-2025-21627

GLPIGLPI allows unauthorized access to debug mode

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2025-25192

GLPISensitive fields enumeration through API in GLPI

medium

6.5

First published (updated )

CVE-2023-41321

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GLPICode Injection

medium

6.5

First published (updated )

CVE-2012-1037

GLPISQL Injection

medium

6.5

First published (updated )

CVE-2014-9258

GLPIAutologin cookie accessible by scripts

medium

6.5

First published (updated )

CVE-2021-39210

GLPISQL injection through plugin controller in GLPI

medium

6.5

First published (updated )

CVE-2022-35946

GLPIImproper input validation on emails links in GLPI

medium

6.5

First published (updated )

CVE-2022-39376

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GLPIglpi vulnerable to Unauthorized access to data export

medium

6.5

First published (updated )

CVE-2023-23610

GLPIInfoleak

medium

6.5

First published (updated )

CVE-2022-34125

GLPIGLPI vulnerable to reflected XSS in search pages

medium

6.5

First published (updated )

CVE-2023-34244

GLPIGLPI vulnerable to unauthorized access to KnowbaseItem data

medium

6.5

First published (updated )

CVE-2023-34107

GLPIGLPI vulnerable to unauthorized access to User data

medium

6.5

First published (updated )

CVE-2023-34106

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Trending

GLPIGLPI: Plugins are disabled accessing one page

GLPICSRF

GLPISQL Injection, CSRF

GLPIInsecure Direct Object Reference (IDOR) on "Solutions"

GLPIXSS injection in ajax/kanban

Never miss a vulnerability like this again

GLPIStored Cross Site Scripting (XSS) through global search in GLPI

GLPIglpi subject to Cross-site Scripting (XSS) - Reflected

GLPIGLPI has a stored XSS via document upload

GLPIGLPI reflected XSS in reports pages

GLPIglpi Users emails enumeration

Never miss a vulnerability like this again

GLPISensitive fields access through dropdowns in GLPI

GLPIGLPI has multiple reflected XSS

GLPIGLPI has multiple reflected XSS

GLPIReflected XSS in Software form

GLPIGLPI has a Reflected XSS in /front/stat.graph.php

Never miss a vulnerability like this again

GLPIGLPI has a reflected XSS in ajax/cable.php

GLPIGLPI vulnerable to exposure of sensitive information in the `status.php` endpoint

GLPIGLPI Cross-site Scripting vulnerability

GLPIGLPI allows unauthorized access to debug mode

GLPISensitive fields enumeration through API in GLPI

Never miss a vulnerability like this again

GLPICode Injection

GLPISQL Injection

GLPIAutologin cookie accessible by scripts

GLPISQL injection through plugin controller in GLPI

GLPIImproper input validation on emails links in GLPI

Never miss a vulnerability like this again

GLPIglpi vulnerable to Unauthorized access to data export

GLPIInfoleak

GLPIGLPI vulnerable to reflected XSS in search pages

GLPIGLPI vulnerable to unauthorized access to KnowbaseItem data

GLPIGLPI vulnerable to unauthorized access to User data

Never miss a vulnerability like this again

Company

Resources

Contact