CVE-2023-44396

Summary

iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.7.1affected
CombodoiTop>= 3.0.0, < 3.0.4affected
CombodoiTop>= 3.1.0, < 3.1.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References