Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24870

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.

Published

2022-04-21T17:15:09.207

Last Modified

2024-11-21T06:51:17.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	combodo	itop	3.0.0	Yes
Application	combodo	itop	3.0.0	Yes

References

https://github.com/Combodo/iTop/security/advisories/GHSA-29h7-jw2p-pcw3 Third Party Advisory ([email protected])
https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b Exploit, Patch, Third Party Advisory ([email protected])
https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b59e Patch, Third Party Advisory ([email protected])
https://github.com/Combodo/iTop/security/advisories/GHSA-29h7-jw2p-pcw3 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b59e Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)