In iTop up to and including 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
combodo itop |