CVE-2023-34444

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 79

Summary

CVE-2023-34444 affects the iTop IT Service Management tool by Combodo. This vulnerability allows cross-site scripting (XSS) attacks when displaying pages on the ajax.searchform.php. The issue can be exploited by scripts outside of script tags. Users are urged to upgrade to versions 2.7.9, 3.0.4, or 3.1.0 to mitigate the risk. No known workarounds are available for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Combodo iTop

Affected Vendors

Combodo

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzabhh
https://www.cve.org/CVERecord?id=CVE-2023-34444
https://nvd.nist.gov/vuln/detail/CVE-2023-34444

Back to Vulnerability Database