CVE-2023-34445

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 79

Summary

CVE-2023-34445 is a vulnerability affecting the Combodo iTop IT Service Management tool. The issue lies in the ajax.render.php file, which allows Cross-Site Scripting (XSS) attacks when displaying pages. This means an attacker can inject malicious scripts into the web application, potentially gaining unauthorized access to user data or taking control of the user's session. The vulnerability has been addressed in versions 2.7.9, 3.0.4, and 3.1.0, and all users are urged to upgrade as soon as possible. No known workarounds exist to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Combodo iTop

Affected Vendors

Combodo

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzabhj
https://www.cve.org/CVERecord?id=CVE-2023-34445
https://nvd.nist.gov/vuln/detail/CVE-2023-34445

Back to Vulnerability Database