PT-2024-35083 · Combodo · iTop

Bengrenoble · Published 2024-11-07 · Updated 2024-11-08 · CVE-2024-51994

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Combodo iTop versions prior to 3.2.0

Description

The issue is a Cross-site Scripting (XSS) vulnerability that can be triggered by uploading a text file containing JavaScript to the portal. iTop is a web-based IT Service Management tool.

Recommendations

For versions prior to 3.2.0, upgrade to version 3.2.0 to address the issue. As a temporary workaround, consider restricting the upload of text files to the portal until the upgrade is applied. Avoid using the portal's file upload feature with untrusted input until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-51994
GHSA-JJPH-C25G-5C7G

Affected Products

iTop