CVE-2024-47759

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to insufficient protection of the web page structure and inadequate data sanitization in GLPI, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This can be achieved by uploading a malicious SVG script, which will be executed when a user attempts to view the document contents.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files or disabling the functionality that allows technicians to upload documents until a patch is applied. Avoid using the affected functionality until the issue is resolved.