Overview
- Description: Combodo iTop is a simple, web-based IT Service Management tool. Malicious code placed in CSV content can trigger a Cross-site Scripting (XSS) attack when that content is imported. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it.
- Source: security-advisories@github.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Weaknesses
- security-advisories@github.com: CWE-79
Social media
- Hype score: Not currently trending
CVE-2024-31448 Cross-site Scripting Vulnerability in Combodo iTop CSV Import Fixed Combodo iTop, a simple web-based IT Service Management tool, has a Cross-Site Scripting (XSS) vulnerability. An attacker can exec... https://t.co/BQGgeyTkVi
@VulmonFeeds
5 Nov 2024
CVE-2024-31448 Combodo iTop is a simple, web-based IT Service Management tool. By filling malicious code in a CSV content, a Cross-site Scripting (XSS) attack can be performed when… https://t.co/8xnhLzOxCV
@CVEnew
4 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B1E5E6E-1398-4908-9D8F-25C8C667F3D2",
            "versionEndExcluding": "3.1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]