← back
CVE-2024-52000

Reflected Cross-site Scripting exploit in Combodo iTop

CVSS 8.1 HIGHEPSS 0.4%CWE-79
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
Combodo · iTop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Combodo/iTop/security/advisories/GHSA-r58g-p5r9-8hfg