iTop: Cross-site Scripting Vulnerability Affects Simple IT Service Management Tool
CVE-2023-34443

6.1MEDIUM

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 5 November 2024

What is CVE-2023-34443?

Combodo iTop, a widely used web-based IT Service Management tool, is vulnerable to cross-site scripting (XSS) attacks. The vulnerability allows the execution of malicious scripts that are not enclosed within script tags when displaying page run queries. This vulnerability can potentially expose sensitive information and compromise the integrity of the application. Users are strongly advised to upgrade to the latest versions 2.7.9, 3.0.4, or 3.1.0 to mitigate the risks associated with this vulnerability, as no workarounds are available.

Affected Version(s)

iTop < 2.7.9 < 2.7.9

iTop >= 3.0.0, < 3.0.4 < 3.0.0, 3.0.4

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...

x_refsource_CONFIRM

https://huntr.dev/bounties/c230d55d-1f0e-40c3-8c7e-20587d...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024