
CVE-2017-7276: Reflected Cross-Site Scripting vulnerability in TOPdesk 7.03.018, 5.7.5 and before

This vulnerability affects the following versions of TOPdesk:

Affected Products

TOPdesk 7.03.018 and before

TOPdesk 5.7.5 and before

Unaffected Products

TOPdesk 7.03.019

TOPdesk 5.7.6 

Summary

TOPdesk requires a security update to address potential vulnerabilities.

Details

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in TOPdesk 7.03.018, 5.7.5 and before (CVE-2017-7276).

This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server. If it is used to execute script in the browser of an authenticated user, the script may be able to gain access to the user's session or other potentially sensitive information.

The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CVE-2017-7276 to this issue. This is an entry on the CVE List, which standardizes names for security problems.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7276

CVE ID: CVE-2017-7276

CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Credit

TOPdesk would like to thank Ken Cijsouw from Sincerus for reporting CVE-2017-7276.

Obtaining Downloads

To obtain the latest TOPdesk product downloads, log on to your TOPdesk portal.

Obtaining More Information

For more information about TOPdesk, visit the TOPdesk website.

Getting Support and Service

Customers with current maintenance contracts can contact their TOPdesk Support center with any additional questions regarding this security note.

Updates

TOPdesk will continue to update this page when more information is available.

Last Modified: 2017-03-31