An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
References
Link | Resource |
---|---|
https://websec.nl/news.php | Third Party Advisory |
https://www.exploit-db.com/exploits/47960 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-18T14:17:18
Updated: 2020-02-18T14:17:18
Reserved: 2020-01-11T00:00:00
Link: CVE-2020-6845
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-18T15:15:12.457
Modified: 2020-02-26T21:55:38.180
Link: CVE-2020-6845
JSON object: View
Redhat Information
No data.
CWE