In iTop versions prior to 3.1.3 and 3.2.1, a medium-severity vulnerability, CVE-2024-56157, was detected. It allows attackers to perform a cross-site scripting (XSS) attack by injecting malicious code into CSV content, which is executed when the file is imported. To address this issue, users should upgrade iTop to version 3.1.3 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56157.
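The following is an added example, not code from iTop or from the advisory: a generic pre-import audit that flags CSV cells containing HTML markup, together with the output encoding that keeps such a cell inert when it is displayed. The function names, the heuristic pattern and the sample file are assumptions made for illustration.

```python
import csv
import html
import io
import re

# Heuristic (assumption): an HTML tag opener or a javascript: URL inside a cell.
# A tag name must directly follow "<", so text such as "a < b" is not flagged.
MARKUP = re.compile(r"</?[a-zA-Z!?]|javascript\s*:", re.IGNORECASE)

def audit_csv(text, delimiter=","):
    """Return (row_number, column_name, value) for each cell that looks like markup."""
    rows = csv.reader(io.StringIO(text), delimiter=delimiter)
    header = next(rows, [])
    findings = []
    for row_no, row in enumerate(rows, start=2):  # row 1 is the header
        for idx, val in enumerate(row):
            if MARKUP.search(val):
                # Cells beyond the header get a positional name.
                col = header[idx] if idx < len(header) else f"col{idx + 1}"
                findings.append((row_no, col, val))
    return findings

def render_cell(value):
    """HTML-encode a cell before writing it into a preview or result page."""
    return "<td>" + html.escape(value, quote=True) + "</td>"

# Constructed sample import file; the second data row carries markup in a text field.
SAMPLE = (
    "name,org,description\n"
    "srv-01,Demo,Web server\n"
    "srv-02,Demo,<script>alert(1)</script>\n"
    "srv-03,Demo,Threshold a < b in notes\n"
)

if __name__ == "__main__":
    for row_no, col, val in audit_csv(SAMPLE):
        print(f"row {row_no}, column {col!r}: {val!r}")
        print("  encoded for display:", render_cell(val))
```

A clean audit does not make an unpatched instance safe; the fix remains the upgrade to 3.1.3 or 3.2.1.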
iTop: Stored XSS via Malicious CSV Import
by the Hossted team
16.05.2025