CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-0805
https://notcve.org/view.php?id=CVE-2013-0805
20 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de XSS en la funcionalidad de búsqueda en iTop (también conocido como IT Operations Portal) 2.0, 1.2.1, 1.2 y anteriore... • http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 8CVE-2011-4275 – Open Flash Chart 2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-4275
26 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the categ... • https://www.exploit-db.com/exploits/29210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •