CVE-2022-31402
MEDIUMiTop 3.0.1 - Cross-Site Scripting via export-v2.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-31402. PoCs published by YSah44.
Description
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/itop/
Vendor Advisory x_refsource_misc
https://www.itophub.io/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/YavuzSahbaz/CVE-2022-31402/blob/main/iTop%203.0.1%20XSS%20Vulnerability
Scores
CVSS v3
6.1
EPSS
0.0214
EPSS Percentile
79.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
combodo/itop
3.0.1
Published
Jun 10, 2022
Tracked Since
Feb 18, 2026