Lucene search

PRIOn knowledge basePRION:CVE-2013-0805

HistoryMar 20, 2014 - 4:55 p.m.

Cross site scripting

2014-03-2016:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
itopeq0.8.1.3
itopeq1.2.0
itople2.0
itopeq1.1.181
itopeq1.0
itopeq1.0.1
itopeq1.0.2
itopeq0.7.1
itopeq0.9.1
itopeq0.9 beta

Name	Operator	Version
itop	eq	0.8.1.3
itop	eq	1.2.0
itop	le	2.0
itop	eq	1.1.181
itop	eq	1.0
itop	eq	1.0.1
itop	eq	1.0.2
itop	eq	0.7.1
itop	eq	0.9.1
itop	eq	0.9 beta

Rows per page:

1-10 of 241

References

archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html

osvdb.org/89574

packetstormsecurity.com/files/119767/iTop-Cross-Site-Scripting.html

seclists.org/bugtraq/2013/Jan/102

secunia.com/advisories/51702

exchange.xforce.ibmcloud.com/vulnerabilities/81498

www.csnc.ch/misc/files/advisories/CVE-2013-0805.txt

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for PRION:CVE-2013-0805