diff --git a/3421ff97909c794839a731e68eb8910a8dea7cc2.patch b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
new file mode 100644
index 0000000..6c39d87
--- /dev/null
+++ b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
@@ -0,0 +1,21 @@
+From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Thu, 1 Mar 2018 09:26:04 +0100
+Subject: [PATCH] Escape get keys to prevent possible xss
+
+---
+ inc/html.class.php | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/inc/html.class.php b/inc/html.class.php
+index a985db5250..bcf1ab4c0c 100644
+--- a/inc/html.class.php
++++ b/inc/html.class.php
+@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
+          echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>";
+ 
+          foreach ($tab as $key => $val) {
++            $key = Toolbox::clean_cross_side_scripting_deep($key);
+             echo "<tr class='tab_bg_1'><td class='top right'>";
+             echo $key;
+             $is_array = is_array($val);
diff --git a/glpi.spec b/glpi.spec
index 71a1161..acb3eaa 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -1,6 +1,6 @@
 # Fedora/remirepo spec file for glpi
 #
-# Copyright (c) 2007-2015 Remi Collet
+# Copyright (c) 2007-2018 Remi Collet
 # License: CC-BY-SA
 # http://creativecommons.org/licenses/by-sa/4.0/
 #
@@ -28,7 +28,7 @@
 
 Name:           glpi
 Version:        0.90.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -49,6 +49,8 @@ Patch0:         glpi-0.90-cron.patch
 Patch1:         glpi-0.90-autoload.patch
 # Upstream patches
 Patch2:         glpi-0.90-upstream.patch
+# CVE-2018-7563
+Patch3:         https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
 
 BuildArch:      noarch
 BuildRequires:  gettext
@@ -129,6 +131,7 @@ grep %{version} config/define.php
 %patch0 -p0
 %patch1 -p0
 %patch2 -p1
+%patch3 -p1
 
 find . -name \*.orig -exec rm {} \; -print
 
@@ -302,6 +305,9 @@ fi
 
 
 %changelog
+* Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 0.90.5-2
+- escape get keys to prevent possible xss CVE-2018-7563
+
 * Wed Jul 27 2016 Remi Collet <remi@fedoraproject.org> - 0.90.5-1
 - update to 0.90.5
   https://github.com/glpi-project/glpi/issues?q=milestone:0.90.5