CVE-2024-56157

Medium CVSS 6.3

Overview

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before importing it.

CWE: CWE-79 Published: 2025-05-14T15:15:55.613

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.3 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags