Description
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability in the `_table_id` parameter that can lead to cross-site request forgery. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.
References (1)
Core References
Vendor Advisory (x_refsource_confirm)
https://github.com/Combodo/iTop/security/advisories/GHSA-jmv2-wfh5-h5wg
Scores
CVSS v3
7.9
EPSS
0.0021
EPSS Percentile
10.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
CWE-79
Status
published
Products (2)
combodo/itop
3.2.0 alpha1 (5 CPE variants)
combodo/itop
< 2.7.11
Published
Dec 13, 2024
Tracked Since
Feb 18, 2026