Red Hat Bugzilla – Bug 1473176
CVE-2016-7507 CVE-2016-7509 glpi: Stored XSS and CSRF vulnerabilities
Last modified: 2017-07-20 03:59:55 EDT
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows
remote authenticated attackers to submit a request that could lead to
the creation of an admin account in the application.
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote
authenticated attackers to inject arbitrary web script or HTML by
attaching a crafted HTML file to a ticket.
Created glpi tracking bugs for this issue:
Affects: epel-7 [bug 1473177]