CVE-2019-13966

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-13966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-13966
Published
2020-02-14T22:15:10.203Z
Modified
2026-03-14T09:32:58.118857Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a2ddb30f7801bdb779947de35f7fe17f00d79e95
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        }
    ]
}

Affected versions

2.*
2.5.1
2.6.0-products

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13966.json"