CVE-2024-52000

MEDIUM

Combodo iTop < 3.2.0 - Reflected Cross-Site Scripting via Request Payload

Title source: llm
STIX 2.1

Description

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0036
EPSS Percentile 27.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
combodo/itop < 3.2.0
Published Nov 08, 2024
Tracked Since Feb 18, 2026