Fix XSS vulnerability in object attribute's tooltip

Moderate
piRGoif published GHSA-29h7-jw2p-pcw3 Apr 21, 2022

Package

iTop (SourceForge)

Affected versions

3.0.0-beta, 3.0.0-beta2

Patched versions

3.0.0-beta3

Description

Impact

A malicious script can be injected into tooltips through the iTop customization mechanism.

Patches

Fixed in 3.0.0-beta3 (August 2021)

References

Credits

@ranjit-git / Huntr

For more information

If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com

Severity

Moderate

CVE ID

CVE-2022-24870

Weaknesses

No CWEs
