CVE-2022-24811 - Unspecified vulnerability in Combodo iTop
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Summary
Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
References
- https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4
- https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc
- https://huntr.dev/bounties/1625056478879-Combodo/iTop/