Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal GLPI administrator cookie.
Patches
Upgrade to 10.0.3.
Workarounds
Do not use a registration key created by an untrusted person.
Impact
Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal GLPI administrator cookie.
Patches
Upgrade to 10.0.3.
Workarounds
Do not use a registration key created by an untrusted person.