Vulnerability CVE-2022-31403: Information

Description

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.

Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM (4.3)
Vector: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2022-31403
Published: June 14, 2022
Modified: Nov. 21, 2024
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
itopsisyphus3.0.3-alt13.2.2-alt2ALT-PU-2023-1879-3321861Fixed
itopsisyphus_e2k3.0.3-alt13.1.1.1-alt1ALT-PU-2023-3678-1-Fixed
itopp113.0.3-alt13.1.1.1-alt1ALT-PU-2023-1879-3321861Fixed
itopp103.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4537-3343613Fixed
itopp10_e2k3.1.1.1-alt13.1.1.1-alt1ALT-PU-2024-4805-1-Fixed
itopc10f23.1.1.1-alt13.2.2-alt1ALT-PU-2024-4549-3343622Fixed
itopc9f23.1.1.1-alt13.2.0.2-alt0.c9f2.1ALT-PU-2024-4547-3343621Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/IbrahimEkimIsik/CVE/blob/main/CVE-2022-31403
  • Exploit
  • Third Party Advisory
https://sourceforge.net/projects/itop/
  • Product
https://www.itophub.io/
  • Product
    1. cpe:2.3:a:combodo:itop:3.0.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v26.2.2
Back to top