CVE-2022-24870

Name of the Vulnerable Software and Affected Versions Combodo iTop versions 3.0.0 beta through 3.0.0 beta2

Description Combodo iTop is a web-based IT Service Management tool. A malicious script can be injected in tooltips using the iTop customization mechanism, providing a stored cross-site scripting attack vector to authorized users of the system.

Recommendations For versions 3.0.0 beta through 3.0.0 beta2, upgrade to a version newer than 3.0.0 beta2 to resolve the issue. As a temporary workaround, consider restricting the use of the iTop customization mechanism to minimize the risk of exploitation.