CVE-2023-47622

iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9	Patch
https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh	Vendor Advisory
https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9	Patch
https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:combodo:itop::::::::
	cpe:2.3:a:combodo:itop::::::::

History

06 Feb 2025, 21:00

Type	Values Removed	Values Added
References	~~() https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9 -~~	() https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9 - Patch
References	~~() https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh -~~	() https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh - Vendor Advisory
CPE		cpe:2.3:a:combodo:itop::::::::
First Time		Combodo Combodo itop

21 Nov 2024, 08:30

Type	Values Removed	Values Added
Summary		(es) iTop es una plataforma de gestión de servicios de TI. Cuando se actualizan los dashlet, es posible realizar ataques XSS. Esta vulnerabilidad se solucionó en 3.0.4 y 3.1.1.
References	~~() https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9 -~~	() https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9 -
References	~~() https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh -~~	() https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh -

15 Apr 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-15 18:15

Updated : 2025-02-06 21:00

NVD link : CVE-2023-47622

Mitre link : CVE-2023-47622

CVE.ORG link : CVE-2023-47622

JSON object : View

Products Affected

combodo

itop

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-47622", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-04-15T18:15:08.510", "references": [{"url": "https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Combodo/iTop/commit/09be84f69da0fe44221f63b8c2db041bdf7dd7f9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-q9cm-q7fc-frxh", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1."}, {"lang": "es", "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Cuando se actualizan los dashlet, es posible realizar ataques XSS. Esta vulnerabilidad se solucion\u00f3 en 3.0.4 y 3.1.1."}], "lastModified": "2025-02-06T21:00:13.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9189E922-30ED-4E69-9B1F-6AD643A37BF7", "versionEndExcluding": "3.0.4"}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46BEA8B-6ECB-44B7-9509-99E2CBB569EC", "versionEndExcluding": "3.1.1", "versionStartIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}