Lucene search

[email protected]NVD:CVE-2023-47488

HistoryNov 09, 2023 - 6:15 a.m.

CVE-2023-47488

2023-11-0906:15:24

CWE-79

[email protected]

web.nvd.nist.gov

combodo itop

cross site scripting

sensitive information

general information page

contact page

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

15.9%

JSON

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.

Affected configurations

Nvd

Node

combodoitopMatch3.1.0-2-11973

VendorProductVersionCPE
combodoitop3.1.0-2-11973cpe:2.3:a:combodo:itop:3.1.0-2-11973:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
combodo	itop	3.1.0-2-11973	cpe:2.3:a:combodo:itop:3.1.0-2-11973:::::::*

References

bugplorer.github.io/cve-xss-itop/

nitipoom-jar.github.io/CVE-2023-47488/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

15.9%

JSON

Related for NVD:CVE-2023-47488

prion1 cvelist1 cve1