Vulnerability CVE-2022-31402: Information
Description
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
itop | sisyphus | 3.0.3-alt1 | 3.1.1.1-alt1 | ALT-PU-2023-1879-1 | 321861 | Fixed |
itop | sisyphus_e2k | 3.0.3-alt1 | 3.1.1.1-alt1 | ALT-PU-2023-3678-1 | - | Fixed |
itop | p10 | 3.1.1.1-alt1 | 3.1.1.1-alt1 | ALT-PU-2024-4537-3 | 343613 | Fixed |
itop | p10_e2k | 3.1.1.1-alt1 | 3.1.1.1-alt1 | ALT-PU-2024-4805-1 | - | Fixed |
itop | c10f1 | 3.1.1.1-alt1 | 3.1.1.1-alt1 | ALT-PU-2024-4961-2 | 343640 | Fixed |
itop | c9f2 | 3.1.1.1-alt1 | 3.1.1.1-alt1 | ALT-PU-2024-4547-3 | 343621 | Fixed |
itop | p11 | 3.0.3-alt1 | 3.1.1.1-alt1 | ALT-PU-2023-1879-1 | 321861 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.itophub.io/ |
|
https://github.com/YavuzSahbaz/CVE-2022-31402/blob/main/iTop%203.0.1%20XSS%20Vulnerability |
|
https://sourceforge.net/projects/itop/ |
|