{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-25932/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-25932"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["xss","glpi","cve-2026-25932"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-25932 is a stored cross-site scripting (XSS) vulnerability affecting GLPI, a free asset and IT management software package. The vulnerability exists in versions 0.60 up to, but not including, 10.0.24. An authenticated technician user, with the necessary privileges, can inject a malicious XSS payload into the supplier fields within the GLPI application. This payload is then stored in the database and executed when other users with access to the affected supplier data view the information. This can lead to session hijacking, defacement of the GLPI interface, or other malicious actions performed in the context of the victim user. Successful exploitation requires a valid technician account and user interaction. The vulnerability is patched in GLPI version 10.0.24.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to GLPI as a technician user with sufficient privileges.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the supplier management section of the GLPI interface.\u003c/li\u003e\n\u003cli\u003eAttacker identifies a supplier field vulnerable to XSS (e.g., name, address, contact).\u003c/li\u003e\n\u003cli\u003eAttacker injects a malicious JavaScript payload into the chosen supplier field.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is stored in the GLPI database.\u003c/li\u003e\n\u003cli\u003eA different user (e.g., administrator or another technician) accesses the supplier record containing the XSS payload through the GLPI web interface.\u003c/li\u003e\n\u003cli\u003eThe GLPI application retrieves the supplier data from the database and renders it in the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript code is executed within the context of the victim user\u0026rsquo;s browser, enabling the attacker to perform actions such as stealing cookies, redirecting the user, or modifying data within GLPI.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-25932 can allow an attacker to execute arbitrary JavaScript code within the context of other GLPI users\u0026rsquo; browsers. This can result in session hijacking, where the attacker gains unauthorized access to the victim\u0026rsquo;s GLPI account. The attacker may also be able to deface the GLPI interface or modify data within the application. The CVSS v3.1 score of 7.2 indicates a high potential impact. While the precise number of vulnerable installations is unknown, any organization using GLPI versions 0.60 to 10.0.23 is potentially affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GLPI to version 10.0.24 or later to patch CVE-2026-25932.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect GLPI Suspicious HTTP Referer\u0026rdquo; to identify potential exploitation attempts targeting GLPI.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and output encoding measures to prevent XSS vulnerabilities in GLPI.\u003c/li\u003e\n\u003cli\u003eReview GLPI user permissions and roles to minimize the impact of potential XSS attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to GLPI, such as unusual requests or error messages.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T15:17:06Z","date_published":"2026-04-06T15:17:06Z","id":"/briefs/2026-04-glpi-xss/","summary":"CVE-2026-25932 is a cross-site scripting vulnerability in GLPI versions 0.60 to before 10.0.24, where an authenticated technician user can store a malicious XSS payload within supplier fields, potentially leading to arbitrary code execution in the context of other users' browsers.","title":"GLPI Cross-Site Scripting Vulnerability (CVE-2026-25932)","url":"https://feed.craftedsignal.io/briefs/2026-04-glpi-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-25932","version":"https://jsonfeed.org/version/1.1"}