XSS vulnerability in authent-token

High

Molkobain published GHSA-vv3v-9vrv-h95h

Apr 15, 2024

Package

iTop (Sourceforge)

Affected versions

3.1.0

Patched versions

3.1.1, 3.2.0

Description

Impact

When displaying/editing the user's personal tokens, XSS attacks are possible

Patches

Fixed in 3.1.1

References

Combodo ref N°6800

Thanks to tdf-discipline-cybersecurity

Severity

High

8.8

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H