iTop: Cross-site Scripting Vulnerability Affects Simple IT Service Management Tool
CVE-2023-34443

6.1MEDIUM

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 5 November 2024

What is CVE-2023-34443?

Combodo iTop, a widely used web-based IT Service Management tool, is vulnerable to cross-site scripting (XSS) attacks. The vulnerability allows the execution of malicious scripts that are not enclosed within script tags when displaying page run queries. This vulnerability can potentially expose sensitive information and compromise the integrity of the application. Users are strongly advised to upgrade to the latest versions 2.7.9, 3.0.4, or 3.1.0 to mitigate the risks associated with this vulnerability, as no workarounds are available.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iTop < 2.7.9 < 2.7.9

iTop >= 3.0.0, < 3.0.4 < 3.0.0, 3.0.4

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...

x_refsource_CONFIRM

https://huntr.dev/bounties/c230d55d-1f0e-40c3-8c7e-20587d...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 5, 2024

JSON

Combodo