Vulnerability Details CVE-2023-43790
iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 5.7
References
- https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732
- https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97
- https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732
- https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97