CVE-2026-5385

Description

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.

References

• https://fluidattacks.com/es/advisories/bizkit
• https://github.com/glpi-project/glpi
• https://github.com/glpi-project/glpi/releases/tag/11.0.7
• https://github.com/glpi-project/glpi/security/advisories/GHSA-2fg5-jg72-h338