{"id":"CVE-2025-27139","summary":"Combodo iTop vulnerable to stored self Cross-site Scripting in preferences","details":"Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to stored self cross-site scripting (XSS), which is triggered when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.","aliases":["GHSA-c6mg-9537-c8cf"],"modified":"2026-04-10T05:23:47.841180Z","published":"2025-02-25T19:52:15.589Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27139.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27139.json"},{"type":"ADVISORY","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-c6mg-9537-c8cf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27139"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"0"},{"fixed":"affed699991f19f2400daea698764ed14fbf407b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.12"}]}},{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"fc24746862778d60fd135c076aa1d621a723f965"},{"fixed":"052e2a1a425c7b04d569399c5276a161d493a40f"}],"database_specific":{"versions":[{"introduced":"3.0.0-alpha"},{"fixed":"3.1.2"}]}},{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"dc553ca83c8963ee8c5ee97d9812fd4122f0d8ac"},{"fixed":"0ee1818f12583de75babc5c9e4fd6428cc8fdb73"}],"database_specific":{"versions":[{"introduced":"3.2.0-alpha1"},{"fixed":"3.2.0"}]}}],"versions":["1.0.8","2.6.1","2.6.2","2.6.3","2.7.1","2.7.10","2.7.11","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","3.2.0-alpha1","3.2.0-rc1","3.2.0-rc2","3.2.0-rc3","N1963","N2011","N2016","N941","N941-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27139.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"}]}