In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
References
Link | Resource |
---|---|
https://0day.love/itop_vulnerabilities_disclosure.pdf | Broken Link |
https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-14T21:02:47
Updated: 2020-02-14T21:02:47
Reserved: 2019-07-18T00:00:00
Link: CVE-2019-13966
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-14T22:15:10.203
Modified: 2020-02-19T13:51:14.673
Link: CVE-2019-13966
JSON object: View
Redhat Information
No data.
CWE