{"id":"CVE-2023-43790","summary":"iTop vulnerable to XSS in friendlyname in object details","details":"iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content into the fields used for the object's friendlyname value, resulting in cross-site scripting (XSS) when the object details are displayed. This vulnerability is fixed in 3.1.1 and 3.2.0.\n","aliases":["GHSA-96xm-p83r-hm97"],"modified":"2026-05-17T03:54:35.049502135Z","published":"2024-04-15T17:10:39.144Z","database_specific":{"cwe_ids":["CWE-79","CWE-80"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43790.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43790.json"},{"type":"ADVISORY","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43790"},{"type":"FIX","url":"https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}