Overview
- Description
- Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, and 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
🚨 CVE-2023-34445 (Published: 2024-11-05) - A high-severity vulnerability affects Combodo iTop. Versions impacted: N°6350. Remediation is crucial! Check the advisory for details and ensure your systems are secure: https://t.co/zq0daRZL9i #CyberSecurity #VulnerabilityAlert
@transilienceai
7 Nov 2024
CVE-2023-34445 Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue … https://t.co/TZ8gGACiBl
@CVEnew
4 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA0F67ED-5CDF-43B4-80A2-44BBB56A9624",
            "versionEndExcluding": "2.7.9"
          },
          {
            "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F42542C8-DEF2-45E2-983B-B161F76C8FDA",
            "versionEndExcluding": "3.0.4",
            "versionStartIncluding": "3.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]