CVE-2017-7276: Reflected Cross-Site Scripting vulnerability in TOPdesk 7.03.018, 5.7.5 and before (CVE-2017-7276)
This vulnerability affects the following versions of TOPdesk:
TOPdesk 7.03.018 and before
TOPdesk 5.7.5 and before
TOPdesk requires a security update to address potential vulnerabilities.
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in TOPdesk 7.03.018, 5.7.5 and before (CVE-2017-7276)
This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execute script in the browser of an authenticated user then the script may be able to gain access to the users’ session or other potentially sensitive information.
The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CVE-2017-7276 to this issue. This is an entry on the CVE List, which standardizes names for security problems.
CVE ID: CVE-2017-7276
CVSSv2 Base Score:7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Getting Support and Service
For customers with current maintenance contracts, contact your TOPdesk Support center with any additional questions regarding this security Note.
TOPdesk will continue to update this page when more information is available.
Last Modified: 2017-03-31