CVE-2023-43790

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
Configurations

No configuration.

History

21 Nov 2024, 08:24

Type Values Removed Values Added
Summary
  • (es) iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content into the fields used for the object's friendly name value. This vulnerability was fixed in 3.1.1 and 3.2.0.
References () https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732 - () https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732 -
References () https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97 - () https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97 -

15 Apr 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 17:15

Updated : 2024-11-21 08:24


NVD link : CVE-2023-43790

Mitre link : CVE-2023-43790

CVE.ORG link : CVE-2023-43790


Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)