3 matches found
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to...
CVE-2022-24870
CVE-2022-24870: Stored cross-site scripting in Combodo iTop due to malicious script injection in tooltips via the iTop customization mechanism in 3.0.0 beta releases prior to beta3. Affected: Combodo iTop (web-based ITSM). Impact: stored XSS to authorized users; upgrade is advised; no public work...
CVE-2022-24870 Stored Cross-site Scripting in Combodo iTop
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to...