{"id":"CVE-2019-1010310","details":"GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools \u003e Reminder \u003e Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.","modified":"2026-04-10T04:13:42.071123Z","published":"2019-07-12T18:15:11.560Z","references":[{"type":"ADVISORY","url":"https://github.com/glpi-project/glpi/releases/tag/9.3.1"},{"type":"FIX","url":"https://github.com/glpi-project/glpi/pull/5519"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/glpi-project/glpi","events":[{"introduced":"0"},{"last_affected":"a9d1277b66cd614c656faf3fd6944456ee316c55"},{"fixed":"a9d1277b66cd614c656faf3fd6944456ee316c55"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.3.1"}]}}],"versions":["0.90","0.90-RC1","0.90-RC2","0.90-beta1","0.90-beta2","9.1","9.1-RC1","9.1-RC2","9.3-RC1","9.3-RC2","9.3-beta","9.3.0","9.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010310.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"}]}