CVE-2023-47622

EPSS 0.44%
Veröffentlicht 15.04.2024 18:15:08
Zuletzt bearbeitet 06.02.2025 21:00:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iTop vulnerable to XSS vulnerability in dashlet refresh

iTop is an IT service management platform.  When dashlet are refreshed, XSS attacks are possible.  This vulnerability is fixed in 3.0.4 and 3.1.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Combodo ≫ Itop Version < 3.0.4

Combodo ≫ Itop Version >= 3.1.0 < 3.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9

Patch

https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-47622

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-47622

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-47622

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-47622