CVE-2022-24870
- Source
- https://cve.org/CVERecord?id=CVE-2022-24870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-24870
- Aliases
-
- GHSA-29h7-jw2p-pcw3
- Published
- 2022-04-21T16:40:12Z
- Modified
- 2025-12-04T10:19:49.689702Z
- Severity
-
- 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- Stored Cross-site Scripting in Combodo iTop
- Details
-
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24870.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24870.json
- https://github.com/Combodo/iTop/security/advisories/GHSA-29h7-jw2p-pcw3
- https://huntr.dev/bounties/1625056040123-Combodo/iTop/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b
- https://nvd.nist.gov/vuln/detail/CVE-2022-24870
- https://www.github.com/combodo/itop/commit/ebbf6e56befda2070b00d68c7c3e531a6ce6b59e