CVE-2023-47488

Name of the Vulnerable Software and Affected Versions Combodo iTop version 3.1.0-2-11973

Description The issue allows a local attacker to obtain sensitive information via a crafted script to the attrib manager id parameter in the General Information page and the id parameter in the contact page. This is a Cross Site Scripting vulnerability.

Recommendations For Combodo iTop version 3.1.0-2-11973, as a temporary workaround, consider restricting access to the General Information page and the contact page until a patch is available. Avoid using the attrib manager id and id parameters in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.