Stored XSS in glpi-project/glpi
Sep 26th 2022
- login as user glpi/glpi (admin user)
- go to HOME->SETUP->GENERAL http://yoursite.com/front/config.form.php
- Edit the field (Text in the login box (HTML tags supported)) and insert the payload.
- try the XSS.
Proof of Concept