What is CVE-2019-13965?

CVE-2019-13965 is a vulnerability in iTop that allows for multiple Reflective XSS issues due to a lack of sanitization around error messages.

What is the severity of CVE-2019-13965?

CVE-2019-13965 has a severity rating of 6.1, which is classified as medium severity.

How does CVE-2019-13965 affect iTop?

CVE-2019-13965 affects iTop versions up to and including 2.6.0.

How can the Reflective XSS issues in iTop be exploited?

The Reflective XSS issues in iTop can be exploited by sending malicious input through the param_file parameter to specific PHP files.

Are there any available patches or fixes for CVE-2019-13965?

At the moment, there is no information available on official patches or fixes for CVE-2019-13965. It is recommended to follow the official iTop documentation and stay updated with any security announcements.

Vulnerability/
CVE-2019-13965

medium

6.1

CWE

14/2/2020

5/8/2024

CVE-2019-13965: XSS

First published: Fri Feb 14 2020(Updated: )

Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0) The Reflective XSS can also become a stored XSS within the same account because of another vulnerability.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Combodo iTop	<=2.6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-13965?
CVE-2019-13965 is a vulnerability in iTop that allows for multiple Reflective XSS issues due to a lack of sanitization around error messages.
What is the severity of CVE-2019-13965?
CVE-2019-13965 has a severity rating of 6.1, which is classified as medium severity.
How does CVE-2019-13965 affect iTop?
CVE-2019-13965 affects iTop versions up to and including 2.6.0.
How can the Reflective XSS issues in iTop be exploited?
The Reflective XSS issues in iTop can be exploited by sending malicious input through the param_file parameter to specific PHP files.
Are there any available patches or fixes for CVE-2019-13965?
At the moment, there is no information available on official patches or fixes for CVE-2019-13965. It is recommended to follow the official iTop documentation and stay updated with any security announcements.

collector/nvd-index
agent/weakness
agent/author
agent/type
agent/references
agent/severity
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/combodo
canonical/combodo itop
version/combodo itop/2.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.