CVE-2013-0805

EUVD-2013-0816
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression parameter to pages/run_query.php.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
combodoitop
𝑥
≤ 2.0
combodoitop
0.7.1
combodoitop
0.7.2
combodoitop
0.8
combodoitop
0.8.1.3
combodoitop
0.9
combodoitop
0.9:beta
combodoitop
0.9.1
combodoitop
1.0
combodoitop
1.0:beta
combodoitop
1.0.1
combodoitop
1.0.2
combodoitop
1.0.2:beta
combodoitop
1.1
combodoitop
1.1:beta
combodoitop
1.1.181
combodoitop
1.2
combodoitop
1.2:beta
combodoitop
1.2.0
combodoitop
1.2.0:rc282
combodoitop
1.2.1
combodoitop
1.2.1:beta
combodoitop
2.0:beta
combodoitop
2.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html
http://osvdb.org/89574
http://packetstormsecurity.com/files/119767/iTop-Cross-Site-Scripting.html
http://seclists.org/bugtraq/2013/Jan/102
http://secunia.com/advisories/51702
https://exchange.xforce.ibmcloud.com/vulnerabilities/81498
https://www.csnc.ch/misc/files/advisories/CVE-2013-0805.txt
http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html
http://osvdb.org/89574
http://packetstormsecurity.com/files/119767/iTop-Cross-Site-Scripting.html
http://seclists.org/bugtraq/2013/Jan/102
http://secunia.com/advisories/51702
https://exchange.xforce.ibmcloud.com/vulnerabilities/81498
https://www.csnc.ch/misc/files/advisories/CVE-2013-0805.txt