
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross-site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.

• https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10
• https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.

• https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229
• https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b
• https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm
• CWE-330: Use of Insufficiently Random Values

CVSS: 9.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.

• https://github.com/Combodo/iTop/commit/4c1df9927d1dc6b0181ee20721f93346def026fd
• https://github.com/Combodo/iTop/commit/bdebea62b642622ed71410b26c81e8537e6e58fa
• https://github.com/Combodo/iTop/security/advisories/GHSA-vj96-j84g-jhx4
• CWE-863: Incorrect Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.

• https://github.com/IbrahimEkimIsik/CVE-2022-31403
• https://github.com/IbrahimEkimIsik/CVE/blob/main/CVE-2022-31403
• https://sourceforge.net/projects/itop
• https://www.itophub.io
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.

• https://github.com/YavuzSahbaz/CVE-2022-31402
• https://github.com/YavuzSahbaz/CVE-2022-31402/blob/main/iTop%203.0.1%20XSS%20Vulnerability
• https://sourceforge.net/projects/itop
• https://www.itophub.io
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')