CVE-2024-31448

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-31448
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31448.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31448
Aliases
  • GHSA-776w-x6v7-vfwf
Published
2024-11-04T23:34:19.435Z
Modified
2025-12-05T04:18:45.260583Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Cross-site Scripting vulnerability in link CSV import in Combodo iTop
Details

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31448.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
052e2a1a425c7b04d569399c5276a161d493a40f

Affected versions

1.*
1.0.8
2.*
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1
2.7.10
2.7.11
2.7.2
2.7.2-1
2.7.3
2.7.3-1
2.7.3-2
2.7.4
2.7.5
2.7.5-1
2.7.5-2
2.7.6
2.7.7
2.7.8
2.7.9
Other
3
N1963
N2011
N2016
N941
N941-2
itop-carbon
3.*
3.0.0
3.0.0-alpha
3.0.0-beta
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-beta5
3.0.0-beta6
3.0.0-beta7
3.0.0-beta8
3.0.0-rc
3.0.1
3.0.1-designer-feature-lot1
3.0.1-designer-feature-lot2
3.0.2
3.0.2-1
3.0.2-rc1
3.0.3
3.0.3-1
3.0.3-designer-php8.0-compatibility
3.0.4
3.1.0
3.1.0-1
3.1.0-2
3.1.0-3
3.1.0-alpha1
3.1.0-beta
3.1.0-designer-2
3.1.1
3.1.1-1
3.1.1-2
ITSM_Designer_3.*
ITSM_Designer_3.1-compatibility

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31448.json"