CVE-2023-34446

iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:combodo:itop:3.0.3:*:*:*:*:*:*:*

History

31 Oct 2023, 15:19

Type Values Removed Values Added
CPE cpe:2.3:a:combodo:itop:3.0.3:*:*:*:*:*:*:*
References (MISC) https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10 - (MISC) https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10 - Patch
References (MISC) https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68 - (MISC) https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
First Time Combodo itop
Combodo

25 Oct 2023, 18:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-02-28 20:33


NVD link : CVE-2023-34446

Mitre link : CVE-2023-34446

CVE.ORG link : CVE-2023-34446


JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')