Yavolo

**Name of the Vulnerable Software and Affected Versions** GLPI versions 10.0.4 through 10.0.24 **Description** A technician can store a Cross-Site Scripting (XSS) payload in the asset locked tab. XSS is a type of security flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update to version 10.0.25 or 11.0.7.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 11.0.0 through 11.0.6 **Description** An authenticated user with forms READ permission can export the structure of unauthorized forms. **Recommendations** Update to version 11.0.7.