CVE-2023-34443

Published Nov 5, 2024

Last updated 11 days ago

CVSS medium 6.1

Overview

Description
Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2023-34443 (Published: 2024-11-05) - High severity vulnerability in Combodo iTop. Affects specific versions; ensure you're updated! Remediation steps are available at the advisory link. Protect your systems now! 🔒🔧 More info: https://t.co/ly1V8oJLR0 #CyberSecurity #CVE

    @transilienceai

    7 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2023-34443 Cross-Site Scripting Vulnerability in Combodo iTop Upgrade Now: Combodo iTop is an easy web tool used for IT Service Management. A Cross-Site Scripting (XSS) vulnerability exists when showing the R... https://t.co/GFvOrbaPAF

    @VulmonFeeds

    5 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2023-34443 Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script… https://t.co/z9szCjyYcN

    @CVEnew

    4 Nov 2024

    463 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References