Stored XSS - Entity name not sanitized in Ticket creation page in glpi-project/glpi


Reported on

Oct 26th 2022


An Administrator can set a Cross-Site Scripting (XSS) payload inside an entity name. This XSS will be executed on the Ticket Creation page (Menu -> Assistance -> Create Ticket).

Proof of Concept

1. Set an XSS in Entity name

2. Go to the "Create Ticket" page

3. XSS is executed


XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, or modifying presentation of content. An XSS vulnerability allowing an attacker to modify a press release or news item could affect a company’s stock price or lessen consumer confidence. An XSS vulnerability on a pharmaceutical site could allow an attacker to modify dosage information resulting in an overdose.

Source: OWASP - Cross Site Scripting (XSS)
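The bug class reported above, shown as an added PHP example that is not GLPI's code and not the patch from the fix commit: a stored entity name written into HTML unencoded, the same output with encoding applied, and a helper that flags stored names worth reviewing. The function names, the sample rows and the `<option>` context are assumptions; the page does not show the actual markup of the Ticket Creation page.

```php
<?php
// Added illustration; not GLPI code. All function names are hypothetical.

// Constructed sample: entity rows as they might come back from storage.
// The second name carries markup typed into the entity name field.
$entities = [
    ['id' => 1, 'name' => 'Headquarters'],
    ['id' => 2, 'name' => 'Support <script>alert(1)</script>'],
];

// Vulnerable pattern: the stored name is concatenated into HTML as-is,
// so any markup in it becomes part of the page for every viewer.
function renderEntityOptionUnsafe(array $entity): string
{
    return '<option value="' . $entity['id'] . '">' . $entity['name'] . '</option>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES covers both quote styles, so the helper is also safe in attributes.
function renderEntityOptionSafe(array $entity): string
{
    $id   = (int) $entity['id'];
    $name = htmlspecialchars((string) $entity['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<option value="' . $id . '">' . $name . '</option>';
}

// Audit helper: return rows whose stored name contains HTML-significant
// characters, for manual review of data saved before upgrading.
function findSuspiciousEntityNames(array $entities): array
{
    return array_values(array_filter(
        $entities,
        fn(array $e): bool => preg_match('/[<>"\']/', (string) $e['name']) === 1
    ));
}

foreach ($entities as $entity) {
    echo 'unsafe: ', renderEntityOptionUnsafe($entity), PHP_EOL;
    echo 'safe:   ', renderEntityOptionSafe($entity), PHP_EOL;
}
foreach (findSuspiciousEntityNames($entities) as $e) {
    echo "review entity #{$e['id']}: ", json_encode($e['name']), PHP_EOL;
}
```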


We are processing your report and will contact the glpi-project/glpi team within 24 hours. a year ago
xanhacks modified the report a year ago
We have contacted a member of the glpi-project/glpi team and are waiting to hear back a year ago
We have sent a follow up to the glpi-project/glpi team. We will try again in 4 days. a year ago
Cédric Anne validated this vulnerability a year ago
xanhacks has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Cédric Anne marked this as fixed in 10.0.4 with commit 6f208f a year ago
The fix bounty has been dropped
This vulnerability has now been published a year ago
Entity.php#L3926 has been validated a year ago


Hey, could we assign a CVE id to this vulnerability?
