{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T01:43:42.142","vulnerabilities":[{"cve":{"id":"CVE-2025-21627","sourceIdentifier":"security-advisories@github.com","published":"2025-02-25T16:15:37.863","lastModified":"2025-03-04T14:31:30.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue."},{"lang":"es","value":"GLPI es un paquete de software gratuito de gestión de activos y TI. En versiones anteriores a la 10.0.18, se puede crear un enlace malicioso para realizar un ataque XSS reflejado en la página de búsqueda. Si está habilitada la creación de tickets anónimos, un usuario no autenticado puede realizar este ataque. La versión 10.0.18 contiene una solución para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.18","matchCriteriaId":"233C795E-1AEA-4457-8A7A-22C9C152DCF2"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}