
Nguyễn Hữu Cường

#30346 of 53,635
8.7 Total CVSS
Vulnerabilities · 1
PT-2024-13409
8.7
2024-01-04
Itop · Itop · CVE-2023-47123
**Name of the Vulnerable Software and Affected Versions**

- iTop versions prior to 3.1.1
- iTop versions prior to 3.2.0

**Description**

The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object, by placing malicious code in an object's friendlyname or complementary name.

**Recommendations**

- For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.
- For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.
- As a temporary workaround, consider restricting the input for object friendlyname and complementary name fields to prevent malicious code injection until a patch is applied.