CVE-2024-52000

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 3.2.0

Description The issue is a reflected Cross-site Scripting (XSS) exploit that occurs when editing a request's payload, leading to malicious javascript execution. This has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page.

Recommendations For versions prior to 3.2.0, upgrade to version 3.2.0 to patch the vulnerability. As a temporary workaround, consider restricting access to the editing functionality of requests until the upgrade is applied. There are no known workarounds for this vulnerability.