CVE-2016-7509

Name of the Vulnerable Software and Affected Versions GLPI version 0.90.4

Description A cross-site scripting (XSS) issue allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For GLPI version 0.90.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the ability to attach HTML files to tickets to minimize the risk of exploitation.