Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2024-51994

Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

  • Published: Nov 7, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-51994
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
combodo / itop - 2.7.11
combodo / itop 3.0.0 3.1.2