PT-2020-19260 · Topmanage · Topmanage Olk
Published 2020-02-18 · Updated 2020-02-26 · CVE-2020-6845
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TopManage OLK version 2020
Description
The issue allows a DOM-based XSS attack that enables the takeover of user and admin accounts, because the Session cookie is set without the HttpOnly attribute and can therefore be read by injected script.
Recommendations
For TopManage OLK version 2020, apply proper cookie security, in particular setting the HttpOnly flag on the Session cookie so that script cannot read it, to prevent unauthorized access and potential account takeovers. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.
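The cookie hardening recommended above, as an added example that is not part of this advisory or of the vendor's code: a small Set-Cookie parser and an audit function that reports which protective attributes a session cookie is missing, with the weak header the advisory describes next to a hardened one. The sample headers are constructed, and the cookie name "Session" is taken from the description; note that HttpOnly only keeps the cookie out of reach of injected script, it does not remove the XSS itself.

```javascript
// Parse one Set-Cookie header into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    // Flag attributes (HttpOnly, Secure) become true; valued ones keep their value.
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Report which hardening attributes a session cookie lacks.
// A cookie without HttpOnly is readable via document.cookie by any script
// running in the page, which is what makes the XSS an account takeover.
function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const missing = [];
  if (c.attributes.httponly !== true) missing.push("HttpOnly");
  if (c.attributes.secure !== true) missing.push("Secure");
  if (!("samesite" in c.attributes)) missing.push("SameSite");
  return { name: c.name, missing };
}

// Build the hardened Set-Cookie header a server should send instead.
function hardenedSessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample headers: the weak form the advisory describes and the fix.
const WEAK_HEADER = "Session=abc123; Path=/";
const FIXED_HEADER = hardenedSessionCookie("Session", "abc123");
```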
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Topmanage Olk