Impact
The dashboard ID is not sanitized correctly and could be used for XSS injection.
Patches
Credits
Many thanks to TheNerdOne for his report!
References
Combodo ref N°2853
https://sourceforge.net/p/itop/tickets/1846/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11697
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com