PT-2024-13409 · Itop+1
Nguyễn Hữu Cường · Published 2024-01-04 · Updated 2025-02-06
CVE-2023-47123 · CVSS v3.1 8.7 High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
iTop versions prior to 3.1.1
iTop versions prior to 3.2.0
Description
The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object: malicious code placed in an object's friendlyname or complementary name is rendered in that relation view.
Recommendations
For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.
For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.
As a temporary workaround, until the update is applied, consider restricting the input accepted in object friendlyname and complementary name fields to prevent malicious code injection.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Itop