CVE-2019-13966

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-13966

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13966.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-13966

Published

2020-02-14T22:15:10.203Z

Modified

2025-11-14T09:12:08.270603Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type: GIT
Repo: https://github.com/combodo/itop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a2ddb30f7801bdb779947de35f7fe17f00d79e95

Affected versions

2.*

2.5.1

2.6.0-products

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13966.json"