← Back

CVE-2013-0805

nvd nist
Published: Mar 20, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information.

Affected (24)

Products: Combodo: Itop
Combodo
1 product
Itop
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Combodo
Itop
Up to 2.0
Itop
Version 0.7.1
Itop
Version 0.7.2
Itop
Version 0.8.1.3
Itop
Version 0.8
Itop
Version 0.9.1
Itop
Version 0.9
Itop
Version 0.9 beta
Itop
Version 1.0.1
Itop
Version 1.0.2
Itop
Version 1.0.2 beta
Itop
Version 1.0
Itop
Version 1.0 beta
Itop
Version 1.1.181
Itop
Version 1.1
Itop
Version 1.1 beta
Itop
Version 1.2.0
Itop
Version 1.2.0 rc282
Itop
Version 1.2.1
Itop
Version 1.2.1 beta
Itop
Version 1.2
Itop
Version 1.2 beta
Itop
Version 2.0 beta2
Itop
Version 2.0 beta

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.