Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows
remote authenticated attackers to submit a request which could lead to
the creation of an admin account in the application.
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote
authenticated attackers to inject arbitrary web script or HTML by
attaching a crafted HTML file to a ticket.
Related CVE:
Thanks to Eric Carter (CS)
Should be already fixed by fc93633
The text was updated successfully, but these errors were encountered: