Vulnerability Description
Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3, a malicious script can be injected into tooltips using the iTop customization mechanism. This provides a stored cross-site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
8.7 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Combodo | Itop | 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/Combodo/iTop/security/advisories/GHSA-29h7-jw2p-pcw3 (Third Party Advisory)
- https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae (Exploit, Patch, Third Party Advisory)
- https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b (Patch, Third Party Advisory)
FAQ
What is CVE-2022-24870?
CVE-2022-24870 is a vulnerability with a CVSS score of 8.7 (HIGH). Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3, a malicious script can be injected into tooltips using the iTop customization mechanism. This provides a stored cross-site scripting attack vector to authorized users of the system.
How severe is CVE-2022-24870?
CVE-2022-24870 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2022-24870?
Check the references section above for the vendor advisory and the patch commit; the vendor states there are no known workarounds and advises upgrading to 3.0.0 beta3 or later. Affected products include: Combodo iTop.