What is CVE-2022-24870?

CVE-2022-24870 is a vulnerability in the Combodo iTop IT Service Management tool that allows for stored cross-site scripting attacks.

What is the severity of CVE-2022-24870?

The severity of CVE-2022-24870 is high, with a CVSS score of 5.4.

How does CVE-2022-24870 affect Combodo iTop?

CVE-2022-24870 affects Combodo iTop 3.0.0 beta releases prior to 3.0.0 beta3 by enabling a stored cross-site scripting attack through the customization mechanism.

How can I fix CVE-2022-24870?

To fix CVE-2022-24870, users are advised to upgrade to Combodo iTop 3.0.0 beta3 or a later version.

CWE-79 is a category of software weaknesses that covers cross-site scripting vulnerabilities.

Vulnerability/
CVE-2022-24870

high

8.7

CWE

21/4/2022

3/8/2024

CVE-2022-24870: Stored Cross-site Scripting in Combodo iTop

First published: Thu Apr 21 2022(Updated: )

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Combodo iTop	=3.0.0-beta
Combodo iTop	=3.0.0-beta2

Remedy

https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b

Remedy

https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b59e

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-24870?
CVE-2022-24870 is a vulnerability in the Combodo iTop IT Service Management tool that allows for stored cross-site scripting attacks.
What is the severity of CVE-2022-24870?
The severity of CVE-2022-24870 is high, with a CVSS score of 5.4.
How does CVE-2022-24870 affect Combodo iTop?
CVE-2022-24870 affects Combodo iTop 3.0.0 beta releases prior to 3.0.0 beta3 by enabling a stored cross-site scripting attack through the customization mechanism.
How can I fix CVE-2022-24870?
To fix CVE-2022-24870, users are advised to upgrade to Combodo iTop 3.0.0 beta3 or a later version.
What is CWE-79?
CWE-79 is a category of software weaknesses that covers cross-site scripting vulnerabilities.

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/title
agent/author
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/combodo
canonical/combodo itop
version/combodo itop/3.0.0-beta
version/combodo itop/3.0.0-beta2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2022-24870: Stored Cross-site Scripting in Combodo iTop

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-24870?

What is the severity of CVE-2022-24870?

How does CVE-2022-24870 affect Combodo iTop?

How can I fix CVE-2022-24870?

What is CWE-79?

Company

Resources

Contact