PT-2021-14422 · Glpi

Lbpierre +1 · Published 2021-03-08 · Updated 2024-05-22 · CVE-2021-21325

CVSS v3.1: 6.2
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions:

GLPI versions prior to 9.5.4

Description:

The issue affects GLPI, an open-source asset and IT management software package. GLPI allows users to define a new budget type, but the input is not correctly filtered, which results in cross-site scripting (XSS). To exploit this, an attacker needs to be authenticated.

Recommendations:

For versions prior to 9.5.4, update to version 9.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the budget type definition feature to minimize the risk of exploitation.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1583
ALT-PU-2021-1660
ALT-PU-2024-8094
CVE-2021-21325
GHSA-M574-F3JW-PWRF

Affected Products

Alt Linux
Glpi