CVE-2013-0805

iTop <2.0-1.2.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information.

References (7)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html

[Third Party Advisory, VDB Entry] http://osvdb.org/89574

[Vendor Advisory] http://secunia.com/advisories/51702

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/81498

[Various Sources] https://www.csnc.ch/misc/files/advisories/CVE-2013-0805.txt

[Mailing List] http://seclists.org/bugtraq/2013/Jan/102

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/119767/iTop-Cross-Site-Scripting.html

Scores

EPSS 0.0042

EPSS Percentile 61.9%

Details

CWE

CWE-79

Status published

Products (25)

combodo/itop < 2.0

combodo/itop

combodo/itop

combodo/itop

combodo/itop

combodo/itop

combodo/itop

combodo/itop

combodo/itop

combodo/itop

... and 15 more

Published Mar 20, 2014

Tracked Since Feb 18, 2026