CVE-2013-0805: XSS
First published: Thu Mar 20 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTop | <=2.0 | |
| iTop | =0.7.1 | |
| iTop | =0.7.2 | |
| iTop | =0.8 | |
| iTop | =0.8.1.3 | |
| iTop | =0.9 | |
| iTop | =0.9-beta | |
| iTop | =0.9.1 | |
| iTop | =1.0 | |
| iTop | =1.0-beta | |
| iTop | =1.0.1 | |
| iTop | =1.0.2 | |
| iTop | =1.0.2-beta | |
| iTop | =1.1 | |
| iTop | =1.1-beta | |
| iTop | =1.1.181 | |
| iTop | =1.2 | |
| iTop | =1.2-beta | |
| iTop | =1.2.0 | |
| iTop | =1.2.0-rc282 | |
| iTop | =1.2.1 | |
| iTop | =1.2.1-beta | |
| iTop | =2.0-beta | |
| iTop | =2.0-beta2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html
- http://osvdb.org/89574
- http://packetstormsecurity.com/files/119767/iTop-Cross-Site-Scripting.html
- http://seclists.org/bugtraq/2013/Jan/102
- http://secunia.com/advisories/51702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81498
- https://www.csnc.ch/misc/files/advisories/CVE-2013-0805.txt
Frequently Asked Questions
What is the severity of CVE-2013-0805?
CVE-2013-0805 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-0805?
To fix CVE-2013-0805, upgrade to a patched version of iTop beyond 2.0 that addresses the cross-site scripting vulnerabilities.
What versions of iTop are affected by CVE-2013-0805?
CVE-2013-0805 affects iTop versions 2.0, 1.2.1, 1.2, and earlier.
What are cross-site scripting vulnerabilities like CVE-2013-0805?
Cross-site scripting vulnerabilities, like CVE-2013-0805, allow attackers to inject malicious scripts into web pages viewed by users.
What parameters are involved in CVE-2013-0805?
CVE-2013-0805 involves the 'text' parameter in pages/UI.php and the 'expression' parameter in pages/run_query.php for exploitation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/combodo
- canonical/itop
- version/itop/2.0
- version/itop/0.7.1
- version/itop/0.7.2
- version/itop/0.8
- version/itop/0.8.1.3
- version/itop/0.9
- version/itop/0.9-beta
- version/itop/0.9.1
- version/itop/1.0
- version/itop/1.0-beta
- version/itop/1.0.1
- version/itop/1.0.2
- version/itop/1.0.2-beta
- version/itop/1.1
- version/itop/1.1-beta
- version/itop/1.1.181
- version/itop/1.2
- version/itop/1.2-beta
- version/itop/1.2.0
- version/itop/1.2.0-rc282
- version/itop/1.2.1
- version/itop/1.2.1-beta
- version/itop/2.0-beta
- version/itop/2.0-beta2