Main Vulnerability Database Vulnerabilities #VU41903

Cross-site scripting in iTop - CVE-2013-0805

Published: March 20, 2014 / Updated: May 4, 2022

Vulnerability identifier: #VU41903

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-0805

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Combodo

Affected software:
iTop

Detailed vulnerability description

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier when processing the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

How to mitigate CVE-2013-0805

Install update from vendor's website.

Cross-site scripting in iTop - CVE-2013-0805

Detailed vulnerability description

How to mitigate CVE-2013-0805

Sources

Please verify you're human