CVE-2019-13966

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-13966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-13966
Published
2020-02-14T22:15:10Z
Modified
2024-09-03T02:25:51.402246Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.5.1
2.6.0-products