Search
Find a vulnerability
Search criteria
2 vulnerabilities found for GLPI 11 by pluginsGLPI
CVE-2026-53987 (GCVE-0-2026-53987)
Vulnerability from nvd – Published: 2026-07-09 15:44 – Updated: 2026-07-09 17:49
VLAI
EPSS
VEX
Title
GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
Summary
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/tag/security/advis… | vendor-advisory |
| https://github.com/pluginsGLPI/tag/releases/tag/2.14.4 | patch |
| https://github.com/pluginsGLPI/tag | product |
| https://github.com/pluginsGLPI/tag/commit/49e6b6e… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | GLPI 11 |
Affected:
2.6.0 , < 2.14.4
(semver)
|
Date Public
2026-07-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T17:48:51.132634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:49:14.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GLPI 11",
"vendor": "pluginsGLPI",
"versions": [
{
"lessThan": "2.14.4",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "chapochapo"
}
],
"datePublic": "2026-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:44:04.474Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory GHSA-6rpj-89c7-x2mh",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh"
},
{
"name": "Tag Plugin 2.14.4 Release",
"tags": [
"patch"
],
"url": "https://github.com/pluginsGLPI/tag/releases/tag/2.14.4"
},
{
"name": "Product",
"tags": [
"product"
],
"url": "https://github.com/pluginsGLPI/tag"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GLPI 11 \u003c 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53987",
"datePublished": "2026-07-09T15:44:04.474Z",
"dateReserved": "2026-06-11T16:07:13.001Z",
"dateUpdated": "2026-07-09T17:49:14.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53987 (GCVE-0-2026-53987)
Vulnerability from cvelistv5 – Published: 2026-07-09 15:44 – Updated: 2026-07-09 17:49
VLAI
EPSS
VEX
Title
GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
Summary
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/tag/security/advis… | vendor-advisory |
| https://github.com/pluginsGLPI/tag/releases/tag/2.14.4 | patch |
| https://github.com/pluginsGLPI/tag | product |
| https://github.com/pluginsGLPI/tag/commit/49e6b6e… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | GLPI 11 |
Affected:
2.6.0 , < 2.14.4
(semver)
|
Date Public
2026-07-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T17:48:51.132634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:49:14.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GLPI 11",
"vendor": "pluginsGLPI",
"versions": [
{
"lessThan": "2.14.4",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "chapochapo"
}
],
"datePublic": "2026-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:44:04.474Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory GHSA-6rpj-89c7-x2mh",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh"
},
{
"name": "Tag Plugin 2.14.4 Release",
"tags": [
"patch"
],
"url": "https://github.com/pluginsGLPI/tag/releases/tag/2.14.4"
},
{
"name": "Product",
"tags": [
"product"
],
"url": "https://github.com/pluginsGLPI/tag"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GLPI 11 \u003c 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53987",
"datePublished": "2026-07-09T15:44:04.474Z",
"dateReserved": "2026-06-11T16:07:13.001Z",
"dateUpdated": "2026-07-09T17:49:14.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}