Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-34444

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Published

2024-11-05T00:15:03.350

Last Modified

2024-11-06T14:28:46.193

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	combodo	itop	< 2.7.9	Yes
Application	combodo	itop	< 3.0.4	Yes

References

https://github.com/Combodo/iTop/security/advisories/GHSA-rwx9-rcxf-qrwv Vendor Advisory ([email protected])