iTop XSS vulnerability on pages/UI.php
CVE-2023-34447

8.8HIGH

Key Information:

Vendor

Combodo

Status
Itop
Vendor
CVE Published:
25 October 2023

What is CVE-2023-34447?

iTop, an open-source IT service management platform, is susceptible to cross-site scripting (XSS) vulnerabilities on the 'pages/UI.php' file in versions prior to 3.0.4 and 3.1.0. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and exposing sensitive information. It is critical for users of affected versions to update to the patches provided in the newer releases to mitigate this risk.

Affected Version(s)

iTop < 3.0.4

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/Combodo/iTop/commit/519751faa10b2fc5b7...
x_refsource_MISC
https://github.com/Combodo/iTop/commit/b8f61362f570e1ef81...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.