XSS Stored via Plugin metadata.
Author: Fernando Pinheiro GLPI version: >= 9.5.4
It was possible to insert JavaScript codes into plugins metadata as Author, version,license and so on...
Once the plugin is sent to the plugins folder at /glpi/plugins
This code will be loaded into GLPI plugin instalation. Once the glpi read this information from the file and doesn't sanitize what will be rendered.