The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripting.
The vulnerability of the GLPI system’s request and incident handling functionality lies in the lack of cleaning during the loading of SVG files, as well as the integration of JavaScript into user avatars. Exploiting this vulnerability allows a malicious actor to carry out an attack using cross-si...