📄 Description (English)
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
🤖 AI Executive Summary
GLPI versions 11.0.0 through 11.0.5 contain an unauthenticated stored XSS vulnerability in the inventory endpoint that allows attackers to inject malicious scripts without authentication. This vulnerability poses a significant risk to organizations using GLPI for IT asset management, as it can lead to session hijacking, credential theft, and lateral movement within enterprise networks. The lack of authentication requirement makes this particularly dangerous for Saudi organizations managing critical IT infrastructure.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 4, 2026 12:48
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi government agencies, healthcare institutions, and large enterprises using GLPI for IT asset management. Government entities under NCA oversight and healthcare organizations regulated by MOH are at elevated risk. Banking sector organizations using GLPI for infrastructure management could face compliance violations with SAMA CSF requirements. Telecommunications companies and energy sector organizations managing critical infrastructure through GLPI are also vulnerable. The unauthenticated nature of the exploit makes it particularly dangerous for organizations with internet-facing GLPI instances.
🏢 Affected Saudi Sectors
Government
Healthcare
Banking
Energy
Telecommunications
Education
Large Enterprises
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all GLPI instances in your environment and determine their version (check /glpi/config/config_db.php or admin panel)
2. Restrict network access to GLPI inventory endpoints using WAF rules or network segmentation
3. Implement IP whitelisting for GLPI access if possible
4. Monitor access logs for suspicious inventory endpoint requests
PATCHING GUIDANCE:
1. Upgrade to GLPI 11.0.6 or later immediately when available
2. If running versions 11.0.0-11.0.5, plan emergency patching within 48 hours
3. Test patches in non-production environment first
COMPENSATING CONTROLS (until patch available):
1. Deploy WAF rules to block POST/PUT requests to /inventory endpoints from untrusted sources
2. Implement Content Security Policy (CSP) headers to prevent XSS execution
3. Disable inventory endpoint if not actively used
4. Implement reverse proxy authentication in front of GLPI
DETECTION RULES:
1. Monitor for HTTP requests to /inventory endpoints with script tags or event handlers in parameters
2. Alert on unusual inventory data modifications from unauthenticated sessions
3. Search logs for payloads containing: <script>, onerror=, onload=, javascript:
4. Monitor for stored XSS indicators in inventory database records
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع مثيلات GLPI في بيئتك وحدد إصدارها
2. قيد الوصول إلى نقاط نهاية المخزون باستخدام قواعد WAF أو تقسيم الشبكة
3. طبق قائمة بيضاء للعناوين IP لوصول GLPI إن أمكن
4. راقب سجلات الوصول للطلبات المريبة
إرشادات التصحيح:
1. قم بالترقية إلى GLPI 11.0.6 أو أحدث فوراً عند توفره
2. إذا كنت تقوم بتشغيل الإصدارات 11.0.0-11.0.5، خطط للتصحيح الطارئ خلال 48 ساعة
3. اختبر التصحيحات في بيئة غير الإنتاج أولاً
الضوابط البديلة:
1. نشر قواعد WAF لحظر طلبات POST/PUT إلى نقاط نهاية المخزون
2. تطبيق رؤوس سياسة أمان المحتوى (CSP)
3. تعطيل نقطة نهاية المخزون إذا لم تكن قيد الاستخدام
4. تطبيق المصادقة بواسطة وكيل عكسي
قواعد الكشف:
1. راقب طلبات HTTP إلى نقاط نهاية المخزون التي تحتوي على علامات البرامج النصية
2. تنبيهات على تعديلات بيانات المخزون غير العادية
3. ابحث عن الحمولات التي تحتوي على: <script>، onerror=، onload=
4. راقب مؤشرات XSS المخزنة في سجلات قاعدة البيانات
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.7.1.1 - Physical and environmental security
A.12.2.1 - Restrictions on software installation
A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
ID.GV-1 - Organizational context and governance
PR.AC-1 - Access control policy and procedures
PR.DS-6 - Data is protected from unauthorized access
DE.CM-1 - The network is monitored for unauthorized connections
RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
6.5.1 - Control of operational software
8.1.1 - Information security policy
8.2.1 - User registration and access rights
8.3.1 - Password management
12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
6.2 - Ensure all system components and software are protected from known vulnerabilities
6.5.7 - Cross-site scripting (XSS)
11.2 - Run automated vulnerability scanning tools
📦 Affected Products / CPE 1 entries
glpi-project:glpi