CVE-2022-24811

Published: Apr 5, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

Affected (1)

Products: Combodo: Itop

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 2.7.6

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc

Source: security-advisories@github.com

Third Party Advisory

https://huntr.dev/bounties/1625056478879-Combodo/iTop/

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://huntr.dev/bounties/1625056478879-Combodo/iTop/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.