{"vulnerability": "cve-2026-40108", "sightings": [{"uuid": "29d4acd2-cd54-42df-9718-6b9383a7786a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40108", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlblk4t3e52k", "content": "\ud83d\udd17 CVE : CVE-2026-32312, CVE-2026-40108, CVE-2026-42317, CVE-2026-42318, CVE-2026-42320, CVE-2026-42321, CVE-2026-5385", "creation_timestamp": "2026-05-07T16:00:14.791771Z"}, {"uuid": "99443d10-b94d-4bfa-bfcf-e2913c8287e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40108", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mncq4nolce2y", "content": "\ud83d\udd17 CVE : CVE-2026-40108, CVE-2026-42318, CVE-2026-42321, CVE-2026-5385", "creation_timestamp": "2026-06-02T13:45:20.055756Z"}, {"uuid": "8791b338-5e33-4409-9d0f-0799d05d50a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40108", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mndxjolqxo2b", "content": "GLPI 11.0.0 \u2013 11.0.6 hit by HIGH severity XSS flaw. Techs can inject scripts in ITIL cost fields. Upgrade to 11.0.7 to secure your IT management stack. https://radar.offseq.com/threat/cve-2026-40108-cwe-79-improper-neutralization-of-i-b1d24331 #OffSeq #GLPI #XSS", "creation_timestamp": "2026-06-03T01:30:27.526962Z"}, {"uuid": "57f5ef68-7f2a-418e-8144-04cec1e62f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40108", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116683585947187436", "content": "\u26a0\ufe0f HIGH severity: CVE-2026-40108 impacts GLPI (11.0.0 \u2013 11.0.6). Privileged technicians can inject XSS via ITIL cost fields. Upgrade to 11.0.7 to fix. No active exploits, but patching is critical. https://radar.offseq.com/threat/cve-2026-40108-cwe-79-improper-neutralization-of-i-b1d24331 #OffSeq #CVE202640108 #XSS #GLPI", "creation_timestamp": "2026-06-03T01:30:35.110353Z"}, {"uuid": "58b6db04-a700-4505-a2e7-f5563d0be799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40108", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3oqqyoc2g", "content": "CVE-2026-40108 - GLPI Vulnerable to Stored XSS in ITIL Costs\nCVE ID : CVE-2026-40108\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can ...", "creation_timestamp": "2026-06-03T02:44:52.061382Z"}]}