CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-31402
https://notcve.org/view.php?id=CVE-2022-31402
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. Se ha detectado que ITOP versión v3.0.1 contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del archivo /itop/webservices/export-v2.php • https://github.com/YavuzSahbaz/CVE-2022-31402 https://github.com/YavuzSahbaz/CVE-2022-31402/blob/main/iTop%203.0.1%20XSS%20Vulnerability https://sourceforge.net/projects/itop https://www.itophub.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-41162 – Cross-site Scripting in Combodo iTop
https://notcve.org/view.php?id=CVE-2021-41162
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0 https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 1CVE-2022-24870 – Stored Cross-site Scripting in Combodo iTop
https://notcve.org/view.php?id=CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/Combodo/iTop/security/advisories/GHSA-29h7-jw2p-pcw3 https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b59e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41161 – XSS in csvimport in 3.0.0-beta versions
https://notcve.org/view.php?id=CVE-2021-41161
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue. Combodo iTop es una herramienta de administración de servicios de TI basada en la web. • https://github.com/Combodo/iTop/commit/c8f3d23d30c018bc44189b38fa34a5fffb4edb22 https://github.com/Combodo/iTop/security/advisories/GHSA-788f-g6g9-f8fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24811 – Cross-site Scripting in Combodo iTop
https://notcve.org/view.php?id=CVE-2022-24811
Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. Combodi iTop es una herramienta de Administración de Servicios de TI basada en la web. • https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4 https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc https://huntr.dev/bounties/1625056478879-Combodo/iTop • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •