CVE-2013-0805

Name of the Vulnerable Software and Affected Versions iTop versions 2.0, 1.2.1, 1.2, and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the search feature. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the text parameter to pages/UI.php and the expression parameter to pages/run query.php are vulnerable.

Recommendations For versions 2.0, 1.2.1, 1.2, and earlier, consider disabling the search feature until a patch is available. Restrict access to the pages/UI.php and pages/run query.php endpoints to minimize the risk of exploitation. Avoid using the text and expression parameters in the affected API endpoints until the issue is resolved.