Vulnerability Description
Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Combodo | Itop | < 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4 (Patch, Third Party Advisory)
- https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc (Third Party Advisory)
- https://huntr.dev/bounties/1625056478879-Combodo/iTop/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-24811?
CVE-2022-24811 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This is...
How severe is CVE-2022-24811?
CVE-2022-24811 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24811?
Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.