Glpi · Glpi · CVE-2021-21325
**Name of the Vulnerable Software and Affected Versions**
GLPI versions prior to 9.5.4
**Description**
The issue affects GLPI, an open-source asset and IT management software package. GLPI allows users to define a new budget type, but the input is not correctly filtered, which results in a cross-site scripting (XSS) vulnerability. Exploitation requires the attacker to be authenticated.
**Recommendations**
For versions prior to 9.5.4, update to version 9.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the budget type definition feature to minimize the risk of exploitation.