MidnightBSD

Advisories for topdesk

CVE-2017-7276 MEDIUM

There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
topdesk topdesk 7.03.007
topdesk topdesk 6.12.015
topdesk topdesk 6.12.006
topdesk topdesk 6.04.012
topdesk topdesk 6.07.010
topdesk topdesk 6.09.005
topdesk topdesk 7.03.019
topdesk topdesk 6.09.013
topdesk topdesk 6.12.022
topdesk topdesk 6.04.006
topdesk topdesk 7.05.007
topdesk topdesk 6.10.037
topdesk topdesk 6.08.030
topdesk topdesk 6.08.033
topdesk topdesk 6.06.020
topdesk topdesk 6.09.011
topdesk topdesk 7.04.021
topdesk topdesk 6.11.024
topdesk topdesk 6.08.024
topdesk topdesk 6.11.015
topdesk topdesk 6.12.025
topdesk topdesk 7.04.019
topdesk topdesk 6.05.017
topdesk topdesk 6.09.018
topdesk topdesk 6.12.026
topdesk topdesk 6.05.008
topdesk topdesk 6.08.031
topdesk topdesk 7.03.008
topdesk topdesk 6.09.012
topdesk topdesk 6.09.010
topdesk topdesk 7.01.008
topdesk topdesk 6.09.022
topdesk topdesk 7.02.014
topdesk topdesk 6.06.004
topdesk topdesk 6.08.001
topdesk topdesk 6.04.008
topdesk topdesk 6.10.015
topdesk topdesk 6.08.025
topdesk topdesk 7.03.022
topdesk topdesk 7.05.023
topdesk topdesk 6.07.005
topdesk topdesk 6.08.016
topdesk topdesk 6.09.019
topdesk topdesk 7.06.014
topdesk topdesk 6.11.030
topdesk topdesk 7.04.001
topdesk topdesk 6.05.007
topdesk topdesk 6.09.014
topdesk topdesk 7.02.016
topdesk topdesk 6.09.015
topdesk topdesk 6.08.011
topdesk topdesk 7.05.020
topdesk topdesk 6.06.014
topdesk topdesk 7.01.024
topdesk topdesk 6.04.011
topdesk topdesk 6.05.009
topdesk topdesk 6.08.021
topdesk topdesk 6.11.003
topdesk topdesk 6.07.014
topdesk topdesk 6.04.001
topdesk topdesk 7.01.001
topdesk topdesk 6.06.013
topdesk topdesk 7.02.021
topdesk topdesk 7.04.004
topdesk topdesk *
topdesk topdesk 6.07.022
topdesk topdesk 6.09.021
topdesk topdesk 6.12.013
topdesk topdesk 7.05.006
topdesk topdesk 6.12.020
topdesk topdesk 6.10.026
topdesk topdesk 7.03.020
topdesk topdesk 7.06.010
topdesk topdesk 6.06.006
topdesk topdesk 6.07.019
topdesk topdesk 6.10.040
topdesk topdesk 6.12.007
topdesk topdesk 6.07.007
topdesk topdesk 6.08.020
topdesk topdesk 6.08.029
topdesk topdesk 6.06.003
topdesk topdesk 6.06.007
topdesk topdesk 6.05.006
topdesk topdesk 6.10.025
topdesk topdesk 7.06.001
topdesk topdesk 6.05.010
topdesk topdesk 6.06.005
topdesk topdesk 6.04.013
topdesk topdesk 7.06.005
topdesk topdesk 6.09.017
topdesk topdesk 7.02.012
topdesk topdesk 6.07.023
topdesk topdesk 6.09.023
topdesk topdesk 6.04.016
topdesk topdesk 6.05.016
topdesk topdesk 6.09.001
topdesk topdesk 6.08.034
topdesk topdesk 6.07.002
topdesk topdesk 6.12.008
topdesk topdesk 6.10.022
topdesk topdesk 7.06.011
topdesk topdesk 6.09.024
topdesk topdesk 7.04.023
topdesk topdesk 7.01.020
topdesk topdesk 6.04.015
topdesk topdesk 6.10.027
topdesk topdesk 6.05.002
topdesk topdesk 7.02.013
topdesk topdesk 7.03.018
topdesk topdesk 6.10.021
topdesk topdesk 6.10.008
topdesk topdesk 6.06.002
topdesk topdesk 6.04.005
CVE-2018-10231 MEDIUM

Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
topdesk topdesk *
CVE-2018-10232 MEDIUM

Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
topdesk topdesk *
topdesk topdesk 5.7
CVE-2023-34923

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.

Products Affected

Vendor Product Version
topdesk topdesk 12.10.12