Vulnerability Details : CVE-2017-7276
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2017-7276
- cpe:2.3:a:topdesk:topdesk:*:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.014:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.022:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.011:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.016:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.013:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.014:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.015:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.017:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.027:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.037:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.040:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.11.003:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.005:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.006:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.011:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.003:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.004:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.005:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.006:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.02.021:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.02.016:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.02.014:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.02.013:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.02.012:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.06.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.05.023:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.05.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.06.011:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.010:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.030:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.031:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.033:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.034:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.023:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.024:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.015:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.013:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.015:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.002:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.006:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.009:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.002:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.005:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.022:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.05.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.05.006:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.04.023:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.04.021:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.024:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.029:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.010:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.012:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.018:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.021:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.022:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.026:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.11.015:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.11.030:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.022:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.026:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.013:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.016:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.016:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.002:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.014:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.019:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.007:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.01.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.01.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.04.019:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.06.014:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.019:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.07.023:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.021:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.08.025:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.005:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.011:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.019:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.09.022:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.021:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.10.025:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.11.024:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.006:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.12.025:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.001:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.012:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.04.015:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.010:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.05.017:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.013:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:6.06.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.020:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.01.024:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.01.008:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.04.004:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.06.005:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.06.010:*:*:*:*:*:*:*
- cpe:2.3:a:topdesk:topdesk:7.03.018:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7276
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7276
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
|
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2017-7276
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7276
-
http://page.topdesk.com/cve-2017-7276
Security Advisory CVE-2017-7276 | TOPdesk software and consultancyVendor Advisory
Jump to