Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
iTop跨站脚本漏洞和多个HTML注入漏洞
Vulnerability Description
iTop中存在跨站脚本漏洞和多个HTML注入漏洞,攻击者提供的HTML和脚本代码可以在受影响的浏览器上下文中运行。该漏洞源于对用户提供的输入没有经过正确的过滤,攻击者可利用该漏洞利窃取基于cookie的认证证书或者控制网站传达给用户的方式,也可能造成其他的攻击。iTop 1.1.181版本中存在该漏洞,其他版本也可能受影响。
CVSS Information
N/A
Vulnerability Type
N/A