CVE-2025-48055

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-48055

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48055.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48055

Aliases

GHSA-684h-f39j-5gq8

Published

2025-11-10T20:33:48.310Z

Modified

2026-04-10T05:28:06.074683Z

Severity

8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Summary

Combodo iTop has stored XSS in user portal's browse brick

Details

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48055.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type: GIT
Repo: https://github.com/combodo/itop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7b44ec23a1b3643dc0d7c5bdf1c108424f3e6d9a

Affected versions

2.*

2.7.0-alpha1

2.7.0-beta

2.7.0-beta2

3.*

3.1.0-alpha1

3.2.0-alpha1

3.2.0-rc1

3.2.0-rc2

3.2.0-rc3

3.2.1

ITSM_Designer_3.*

ITSM_Designer_3.1-compatibility

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48055.json"