CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before importing it.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-6p48-74j9-977j

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) iTop es una herramienta web de gestión de servicios de TI. En versiones anteriores a la 3.1.3 y la 3.2.1, al introducir código malicioso en un archivo CSV, se podía producir un ataque de cross-site scripting al importar dicho contenido. Este problema se solucionó en las versiones 3.1.3 y 3.2.1. Como workaround, revise el contenido CSV antes de importarlo.

14 May 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 15:15

Updated : 2025-05-16 14:43

NVD link : CVE-2024-56157

Mitre link : CVE-2024-56157

CVE.ORG link : CVE-2024-56157

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3 /10