Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Combodo
  • Itop

No data.

No data.

References
Link Providers
https://github.com/Combodo/iTop/security/advisories/GHSA-684h-f39j-5gq8 cve-icon cve-icon
History

Wed, 12 Nov 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Combodo
Combodo itop
Vendors & Products Combodo
Combodo itop

Mon, 10 Nov 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 10 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
Description Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0.
Title Combodo iTop has stored XSS in user portal's browse brick
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-11-10T20:33:48.310Z

Updated: 2025-11-10T20:45:35.253Z

Reserved: 2025-05-15T16:06:40.940Z

Link: CVE-2025-48055

cve-icon Vulnrichment

Updated: 2025-11-10T20:45:27.373Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-11-10T21:15:38.907

Modified: 2025-11-12T16:19:59.103

Link: CVE-2025-48055

cve-icon Redhat

No data.