Glpi · Glpi · CVE-2022-24868
**Name of the Vulnerable Software and Affected Versions**
GLPI versions prior to 10.0.0
**Description**
The issue is a lack of sanitization on SVG file uploads, which allows an attacker to inject JavaScript into a user's avatar. Because the avatar is stored and rendered for other users, this leads to a cross-site scripting attack whenever any user views it. The estimated number of potentially affected devices is not specified, and there is no information about real-world incidents in which this issue was exploited.
The vulnerability is exploited by uploading a specially crafted SVG file as an avatar; the embedded script then runs in the browser of anyone who views that avatar.
The technical root cause is the missing sanitization of SVG file uploads combined with the ability to set such a file as a user avatar, which is what makes the JavaScript injection possible.
**Recommendations**
For versions prior to 10.0.0, users are advised to upgrade to 10.0.0 or a later release.
As a temporary workaround, users who cannot upgrade should disallow SVG avatars to minimize the risk of exploitation.
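The following is an added example (not GLPI's own code) of the server-side check the description and the workaround above imply: it sniffs whether an uploaded avatar is actually SVG regardless of its file extension, rejects SVG outright when the workaround is in force, and otherwise flags the active content (script elements, event-handler attributes, `javascript:` links) that an unsanitized SVG can carry. The sample inputs are constructed for the example; the function names are assumptions.

```python
import xml.etree.ElementTree as ET

def _local(name: str) -> str:
    # Strip the XML namespace prefix ("{uri}tag" -> "tag") from a tag or attribute name.
    return name.rsplit("}", 1)[-1]

def parse_svg(data: bytes):
    """Return the root element if the bytes form an SVG document, else None.
    Sniffs the content instead of trusting the extension or the client-sent
    Content-Type. In production, parse with defusedxml to protect the parser
    itself from entity-expansion attacks."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    return root if _local(root.tag).lower() == "svg" else None

def svg_active_content(root) -> list[str]:
    """List every piece of executable content found in the SVG tree."""
    findings = []
    for el in root.iter():
        tag = _local(el.tag).lower()
        if tag in ("script", "foreignobject"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):                  # onload, onclick, ...
                findings.append(f"{name} handler on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: href on <{tag}>")
    return findings

def validate_avatar(data: bytes, allow_svg: bool = False) -> tuple[bool, str]:
    """Decide whether an uploaded avatar may be stored; allow_svg=False is the
    advisory's workaround, allow_svg=True still refuses SVGs with active content."""
    root = parse_svg(data)
    if root is None:
        return True, "not an SVG"
    if not allow_svg:
        return False, "SVG avatars are disabled"
    findings = svg_active_content(root)
    if findings:
        return False, "; ".join(findings)
    return True, "SVG without active content"

# Constructed sample uploads (not taken from any real incident).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><script>x()</script></svg>'
PNG_HEADER = b"\x89PNG\r\n\x1a\n"
```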