exploitDog

CVE-2019-13966

Опубликовано: 14 фев. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

Ссылки

https://0day.love/itop_vulnerabilities_disclosure.pdf
Broken Link
https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log
Release Notes
https://0day.love/itop_vulnerabilities_disclosure.pdf
Broken Link
https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 2.6.0 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-48xc-xhjj-x9r7

github

больше 3 лет назад

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79