You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal GLPI administrator cookie.
Patches
Upgrade to 10.0.3.
Workarounds
Do not use a registration key created by an untrusted person.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Learn more on MITRE.
Edr4 Analyst
Impact
Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal GLPI administrator cookie.
Patches
Upgrade to 10.0.3.
Workarounds
Do not use a registration key created by an untrusted person.