Arbitrary Web Script Injection in Combodo iTop Dashboard Title

Arbitrary Web Script Injection in Combodo iTop Dashboard Title

CVE-2015-6544 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.

Learn more about our Web App Pen Testing.