2 matches found
CVE-2019-13966
In iTop through 2.6.0, an XSS payload can be delivered in certain fields such as icon of the XML file used to build the dashboard. This is similar to CVE-2015-6544 which is only about the dashboard title...
CVE-2019-13966
CVE-2019-13966 affects iTop up to version 2.6.0, enabling cross-site scripting via XSS payloads in fields within the XML used to build the dashboard (e.g., icon). The related documents confirm that the vulnerability is XSS in the dashboard XML input, but do not provide a vendor patch or definitiv...