The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
History

Fri, 10 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Title GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

Fri, 10 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Pluginsglpi
Pluginsglpi glpi 11
Vendors & Products Pluginsglpi
Pluginsglpi glpi 11

Thu, 09 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Description The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
Title GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-07-09T15:44:04.474Z

Updated: 2026-07-10T15:37:52.045Z

Reserved: 2026-06-11T16:07:13.001Z

Link: CVE-2026-53987

cve-icon Vulnrichment

Updated: 2026-07-09T17:49:04.843Z

cve-icon NVD

No data.

cve-icon Redhat

No data.