Vulnerability CVE-2022-31402: Information

Description

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-31402
Published: June 10, 2022
Modified: June 17, 2022
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
itopsisyphus3.0.3-alt13.1.1.1-alt1ALT-PU-2023-1879-1321861Fixed
itopsisyphus_e2k3.0.3-alt13.1.1.1-alt1ALT-PU-2023-3678-1-Fixed
itopp103.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4537-3343613Fixed
itopp10_e2k3.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4805-1-Fixed
itopc10f13.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4961-2343640Fixed
itopc9f23.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4547-3343621Fixed
itopp113.0.3-alt13.1.1.1-alt1ALT-PU-2023-1879-1321861Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.itophub.io/
  • Vendor Advisory
https://github.com/YavuzSahbaz/CVE-2022-31402/blob/main/iTop%203.0.1%20XSS%20Vulnerability
  • Exploit
  • Third Party Advisory
https://sourceforge.net/projects/itop/
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:combodo:itop:3.0.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top