CVE-2023-22724

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.6

Description The issue concerns cross-site scripting via malicious RSS feeds. An administrator can import a malicious RSS feed containing Cross Site Scripting (XSS) payloads inside RSS links. When victims visit the RSS content and click on the link, they will execute the Javascript.

Recommendations For versions prior to 10.0.6, update to version 10.0.6 to resolve the issue. As a temporary workaround, consider restricting the import of RSS feeds from untrusted sources to minimize the risk of exploitation. Avoid clicking on links from RSS feeds that may contain malicious payloads until the issue is resolved.