PT-2024-12484 · Comodo · Itop

V4Yne1

·

Published

2024-11-04

·

Updated

2024-11-06

·

CVE-2023-34444

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Combodo iTop versions prior to 2.7.9
Combodo iTop versions prior to 3.0.4
Combodo iTop versions prior to 3.1.0

Description

Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages, specifically the "ajax.searchform.php" page, Cross-Site Scripting (XSS) attacks are possible for scripts outside of script tags.

Recommendations

For versions prior to 2.7.9, upgrade to version 2.7.9 or later. For versions prior to 3.0.4, upgrade to version 3.0.4 or later. For versions prior to 3.1.0, upgrade to version 3.1.0 or later. As a temporary workaround, consider restricting access to the vulnerable "ajax.searchform.php" page until a patch is applied.
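The three affected ranges above overlap (2.7.9 is "prior to 3.1.0" but is fixed), so a naive "less than 3.1.0" check over-reports. The helper below, added here as an inventory triage aid and not part of the advisory or of iTop, encodes the per-branch fixed versions from the Recommendations and reports whether a deployed version string is still affected and which release to move to; the input formats it accepts ("iTop 2.7.8", "3.0.2-1") are assumptions.

```python
"""Triage iTop version strings against the affected ranges in this advisory."""
from typing import Optional, Tuple

# First fixed release on each maintained branch, as stated in the Recommendations.
FIXED_VERSIONS = {
    (2, 7): (2, 7, 9),
    (3, 0): (3, 0, 4),
    (3, 1): (3, 1, 0),
}
LATEST_FIXED = (3, 1, 0)  # fallback target for branches the advisory does not list


def parse_version(text: str) -> Tuple[int, int, int]:
    """Normalise strings such as 'iTop 2.7.8' or '3.0.2-1' to a (major, minor, patch) tuple.

    Package suffixes after '-' or '+' are ignored (assumption: they do not change
    the upstream release the package is built from).
    """
    core = text.strip().lower()
    if core.startswith("itop"):
        core = core[len("itop"):].strip()
    core = core.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    if not parts:
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version is older than the fix on its own branch (or than 3.1.0 otherwise)."""
    v = parse_version(version)
    if v >= LATEST_FIXED:
        return False
    fixed_on_branch = FIXED_VERSIONS.get(v[:2])
    if fixed_on_branch is not None and v >= fixed_on_branch:
        return False  # e.g. 2.7.9 is below 3.1.0 but already patched on its branch
    return True


def recommended_upgrade(version: str) -> Optional[str]:
    """Smallest fixed release on the same branch, or 3.1.0 for branches without a backported fix."""
    if not is_affected(version):
        return None
    target = FIXED_VERSIONS.get(parse_version(version)[:2], LATEST_FIXED)
    return ".".join(str(n) for n in target)


if __name__ == "__main__":
    for sample in ("iTop 2.7.8", "2.7.9", "3.0.2-1", "3.0.4", "2.6.1", "3.1.0"):
        print(sample, "affected" if is_affected(sample) else "not affected", recommended_upgrade(sample))
```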

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-34444
GHSA-RWX9-RCXF-QRWV

Affected Products

Itop