CVE-2022-24811

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Combodi iTop versions prior to 2.7.6 and 3.0.0

Description Combodi iTop is a web-based IT Service Management tool. The issue allows for cross-site scripting for scripts outside of script tags when displaying HTML attachments. There are currently no known workarounds for this issue.

Recommendations For versions prior to 2.7.6, update to version 2.7.6 or later. For versions prior to 3.0.0, update to version 3.0.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2023-1879

ALT-PU-2024-4537

ALT-PU-2024-4547

ALT-PU-2024-4961

CVE-2022-24811

GHSA-67X5-MQG4-RVGC

Affected Products

Alt Linux

Combodo Itop

CVE-2022-24811

Weakness Enumeration

Related Identifiers

Affected Products

References · 8