CVE-2018-10231: Reflected/Persistent Cross-Site Scripting vulnerability in TOPdesk
CVE-2018-10232: Cross-Site Request Forgery vulnerability in TOPdesk
TOPdesk 8.05.016 and before
TOPdesk 5.7.SR8 and before
TOPdesk 8.05.017 (June 2018 version)
TOPdesk requires a security update to address potential vulnerabilities.
A Reflected/Persistent Cross-Site Scripting (XSS) vulnerability and a Cross-Site Request Forgery (CSRF) vulnerability have been identified in TOPdesk 8.05.016, and TOPdesk 5.7.SR8 and before (CVE-2018-10231, CVE-2018-10232).
These vulnerabilities could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if these vulnerabilities are used to execute script in the browser of an authenticated user then the script may be able to gain access to the users’ session or other potentially sensitive information.
The Common Vulnerabilities and Exposures (CVE) project have assigned the ID's CVE-2018-10231 and CVE-2018-10232 to these issues. These are entries on the CVE List, which standardizes names for security problems.
TOPdesk would like to thank Frank Spierings from Warpnet for reporting CVE-2018-10231 and CVE-2018-10232.
To obtain the latest TOPdesk product downloads, log on to your TOPdesk portal.
Obtaining More Information
For more information about TOPdesk, visit the TOPdesk website.
Getting Support and Service
For customers with current maintenance contracts, contact your TOPdesk Support center with any additional questions regarding this security Note.
TOPdesk will continue to update this page when more information is available.