A vulnerability was discovered in inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. Reference: https://github.com/glpi-project/glpi/releases/tag/9.4.3 Upstream commit: https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
Created glpi tracking bugs for this issue: Affects: epel-7 [bug 1727707] Affects: fedora-all [bug 1727706]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.