mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 09:12:00 +00:00
67 lines
2.5 KiB
JSON
67 lines
2.5 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
|
|
"ID": "CVE-2019-1010310",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "GLPI Product",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "9.3.1 [fixed: 9.4.1]"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "GLPI"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Frame and Form tags Injection allowing admins to phish users by putting code in reminder description"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/glpi-project/glpi/releases/tag/9.3.1",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/glpi-project/glpi/releases/tag/9.3.1"
|
|
},
|
|
{
|
|
"url": "https://github.com/glpi-project/glpi/pull/5519",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/glpi-project/glpi/pull/5519"
|
|
}
|
|
]
|
|
}
|
|
} |