Impact
One can exploit a XSS to redict the user by uploading a malicious svg on user's avatar
Patches
Workarounds
Do not expose the files folder to the web.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
mail us at glpi-security@ow2.org
Impact
One can exploit a XSS to redict the user by uploading a malicious svg on user's avatar
Patches
Workarounds
Do not expose the files folder to the web.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
mail us at glpi-security@ow2.org