Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
References
| Link | Resource |
|---|---|
| https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4 | Patch Third Party Advisory |
| https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc | Third Party Advisory |
| https://huntr.dev/bounties/1625056478879-Combodo/iTop/ | Exploit Third Party Advisory |
Configurations
History
19 Apr 2022, 15:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
| References | (MISC) https://huntr.dev/bounties/1625056478879-Combodo/iTop/ - Exploit, Third Party Advisory | |
| References | (CONFIRM) https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc - Third Party Advisory | |
| References | (MISC) https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4 - Patch, Third Party Advisory |
05 Apr 2022, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-05 19:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-24811
Mitre link : CVE-2022-24811
CVE.ORG link : CVE-2022-24811
JSON object : View
Products Affected
combodo
- itop
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')