{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43790", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-22T14:51:42.338Z", "datePublished": "2024-04-15T17:10:39.144Z", "dateUpdated": "2024-08-02T19:52:11.363Z"}, "containers": {"cna": {"title": "iTop vulnerable to XSS in friendlyname in object details", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97"}, {"name": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "tags": ["x_refsource_MISC"], "url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732"}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"version": ">= 3.1.0, < 3..1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-15T17:10:39.144Z"}, "descriptions": [{"lang": "en", "value": "iTop is an IT service management platform.  By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.\n"}], "source": {"advisory": "GHSA-96xm-p83r-hm97", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T18:44:58.231949Z", "id": "CVE-2023-43790", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T16:36:12.279Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.363Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97"}, {"name": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "name": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.363Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T18:44:58.231949Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T18:43:17.558Z"}}], "cna": {"title": "iTop vulnerable to XSS in friendlyname in object details", "source": {"advisory": "GHSA-96xm-p83r-hm97", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"status": "affected", "version": ">= 3.1.0, < 3..1.1"}]}], "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "name": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "iTop is an IT service management platform.  By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-15T17:10:39.144Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43790", "state": "PUBLISHED", "dateUpdated": "2024-08-02T19:52:11.363Z", "dateReserved": "2023-09-22T14:51:42.338Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-15T17:10:39.144Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "E46BEA8B-6ECB-44B7-9509-99E2CBB569EC", "versionEndExcluding": "3.1.1", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iTop is an IT service management platform.  By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.\n"}, {"lang": "es", "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al manipular las consultas HTTP, un usuario puede inyectar contenido malicioso en los campos utilizados para el valor del nombre descriptivo del objeto. Esta vulnerabilidad se solucion\u00f3 en 3.1.1 y 3.2.0."}], "id": "CVE-2023-43790", "lastModified": "2025-02-06T20:56:06.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-15T17:15:07.103", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}