Cross-Site Scripting Vulnerability in Combodo iTop IT Service Management Tool
CVE-2025-47773
8.8HIGH
What is CVE-2025-47773?
Combodo iTop, a widely-used web-based IT service management tool, is susceptible to cross-site scripting (XSS) vulnerabilities when dashboard edits are executed via AJAX calls. This flaw allows attackers to inject malicious scripts into the rendered HTML content, potentially compromising user data and session integrity. To mitigate these risks, users should upgrade to versions 2.7.13 or 3.2.2, which include necessary fixes that safeguard against such security threats.
Affected Version(s)
iTop < 2.7.13 < 2.7.13
iTop >= 3.0.0-alpha, < 3.2.2 < 3.0.0-alpha, 3.2.2