Unrated severity · NVD Advisory · Published Apr 21, 2022 · Updated Apr 22, 2025

Stored Cross-site Scripting in Combodo iTop

CVE-2022-24870

Description

Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3, a malicious script can be injected into tooltips using the iTop customization mechanism. This provides a stored cross-site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

  • Combodo/Itop (2 versions)
    • (no CPE) range: <3.0.0-beta3
    • (no CPE) range: >= 3.0.0-beta, < 3.0.0-beta3
