Lucene search

GitHub_MCVE-2023-47626

HistoryApr 15, 2024 - 6:15 p.m.

CVE-2023-47626

2024-04-1518:15:08

CWE-79

GitHub_M

web.nvd.nist.gov

itop

it service management

xss attacks

vulnerability

personal tokens

display

edit

fixed

3.1.1

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

iTop is an IT service management platform. When displaying/editing the user’s personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.

Affected configurations

Vulners

Node

combodoitopRange3.1.0–3.1.1

VendorProductVersionCPE
combodoitop*cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
combodo	itop	*	cpe:2.3:a:combodo:itop::::::::

CNA Affected

[
  {
    "vendor": "Combodo",
    "product": "iTop",
    "versions": [
      {
        "version": ">= 3.1.0, < 3.1.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/Combodo/iTop/security/advisories/GHSA-vv3v-9vrv-h95h

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-47626