Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
References
| Link | Resource |
|---|---|
| https://github.com/Combodo/iTop/commit/92a9a8c65f3cbb2cd4414ca3a3b45a5754ba57b4 | Patch, Third Party Advisory |
| https://github.com/Combodo/iTop/security/advisories/GHSA-67x5-mqg4-rvgc | Third Party Advisory |
| https://huntr.dev/bounties/1625056478879-Combodo/iTop/ | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-04-05T18:35:11
Updated: 2022-04-05T18:35:11
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24811
NVD Information
Status: Analyzed
Published: 2022-04-05T19:15:08.170
Modified: 2022-04-19T15:21:45.163
Link: CVE-2022-24811
Redhat Information
No data.
CWE