CVE-2018-10231: Reflected/Persistent Cross-Site Scripting vulnerability in TOPdesk
CVE-2018-10232: Cross-Site Request Forgery vulnerability in TOPdesk
Affected Products
TOPdesk 8.05.016 and before
TOPdesk 5.7.SR8 and before
Unaffected Products
TOPdesk 8.05.017 (June 2018 version)
TOPdesk 5.7.SR9
TOPdesk requires a security update to address potential vulnerabilities.
A Reflected/Persistent Cross-Site Scripting (XSS) vulnerability and a Cross-Site Request Forgery (CSRF) vulnerability have been identified in TOPdesk 8.05.016, and TOPdesk 5.7.SR8 and before (CVE-2018-10231, CVE-2018-10232).
These vulnerabilities could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if these vulnerabilities are used to execute script in the browser of an authenticated user then the script may be able to gain access to the users’ session or other potentially sensitive information.
The Common Vulnerabilities and Exposures (CVE) project have assigned the ID's CVE-2018-10231 and CVE-2018-10232 to these issues. These are entries on the CVE List, which standardizes names for security problems.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10232
Credit
TOPdesk would like to thank Frank Spierings from Warpnet for reporting CVE-2018-10231 and CVE-2018-10232.
Obtaining Downloads
To obtain the latest TOPdesk product downloads, log on to your TOPdesk portal.
Obtaining More Information
For more information about TOPdesk, visit the TOPdesk website.
Getting Support and Service
For customers with current maintenance contracts, contact your TOPdesk Support center with any additional questions regarding this security Note.
Updates
TOPdesk will continue to update this page when more information is available.