Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Teclib GLPI 信任管理问题漏洞
Vulnerability Description
Teclib GLPI是法国Teclib公司的一套开源的IT资产管理套件。该套件包含设备状态管理、资产清单存储、管理流程和工作日志管理等功能。 GLPI GLPI 9.3.1版本中存在安全漏洞。攻击者可利用该漏洞实施钓鱼攻击,获取用户的凭证/信用卡信息。
CVSS Information
N/A
Vulnerability Type
N/A