Mike993

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the improper neutralization of input data during web page generation, allowing a remote attacker to execute arbitrary code using specially crafted RTF data. This can be used to steal credentials, as the GLPI administrator can define rich-text content to be displayed on the login page, which can contain malicious code. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider restricting the ability to define rich-text content on the login page until the patch is applied.