CVE-2024-56157

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-56157

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56157.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56157

Aliases

GHSA-6p48-74j9-977j

Published

2025-05-14T14:40:46.107Z

Modified

2026-04-10T05:18:39.800241Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator

Summary

iTop vulnerable to Self XSS in CSV Import

Details

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before importing it.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56157.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type

GIT

Repo

https://github.com/combodo/itop

Events

Introduced

Fixed

46aaeb43016b2f0de8b14881c99cb435428bc789

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.3"
        }
    ]
}

Type

GIT

Repo

https://github.com/combodo/itop

Events

Introduced

0ee1818f12583de75babc5c9e4fd6428cc8fdb73

Fixed

a9bc4973b40a4834228fefec69646a8738d3f82e

Database specific

{
    "versions": [
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.1"
        }
    ]
}

Affected versions

2.*

2.7.0-alpha1

2.7.0-beta

2.7.0-beta2

3.*

3.1.0-alpha1

3.1.0-designer-2

3.1.1

3.1.1-1

3.1.2

ITSM_Designer_3.*

ITSM_Designer_3.1-compatibility

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56157.json"