CNNVD-202511-910 Information

CNNVD ID

CNNVD-202511-910

CVE-2025-48055

  • CNNVD Published: 2025-11-10

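Description (translated from Chinese)

Combodo iTop is an open-source web application from the French company Combodo, built on ITIL and used for the day-to-day operation of IT environments. It provides incident management, configuration management, problem management and related functions. Versions of Combodo iTop before 3.2.2 contain a cross-site scripting vulnerability. The vulnerability stems from input not being handled correctly when content is displayed in the user portal, which may lead to cross-site scripting attacks.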

Description (English)

Combodo iTop is an open-source web application developed by the French company Combodo, based on ITIL and used in the daily operation of IT environments. It provides features such as incident management, configuration management and problem management. Combodo iTop versions before 3.2.2 have a cross-site scripting vulnerability, which originates from incorrect handling of input when content is displayed in the user portal and could lead to a cross-site scripting attack.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Combodo

Published

2025-11-10

Last Modified

2026-02-24

References

https://github.com/Combodo/iTop/security/advisories/GHSA-684h-f39j-5gq8

https://access.redhat.com/security/cve/cve-2025-48055

Patch

https://github.com/Combodo/iTop/releases
