Unrated severityNVD Advisory· Published Apr 5, 2022· Updated Apr 22, 2025

Cross-site Scripting in Combodo iTop

CVE-2022-24811

Description

Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

Affected products

Combodo/Itopv5
Range: < 2.7.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4mitrex_refsource_MISC
github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgcmitrex_refsource_CONFIRM
huntr.dev/bounties/1625056478879-Combodo/iTop/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000