CVE-2023-47626 HIGH

CVE-2023-47626: iTop vulnerable to XSS vulnerability in authent-token

Vendor Combodo
Product iTop
Weakness CWE-79 · XSS
Published April 15, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.

Key dates

02Disclosure timeline

April 15, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter CVE-2025-46965 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-6185 Leviton AcquiSuite and Energy Monitoring Hub Cross-site Scripting CVE-2021-24206 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget CVE-2026-34694 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)