{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T06:09:15.411","vulnerabilities":[{"cve":{"id":"CVE-2024-54139","sourceIdentifier":"security-advisories@github.com","published":"2024-12-13T16:15:26.210","lastModified":"2025-03-11T16:44:20.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue."},{"lang":"es","value":"Combodo iTop es una plataforma de gestión de servicios de TI basada en la web y de código abierto. En versiones anteriores a las 2.7.11, 3.1.2 y 3.2.0, iTop presenta una vulnerabilidad de cross-site scripting que puede provocar cross-site request forgery en el parámetro `_table_id`. Las versiones 2.7.11, 3.1.2 y 3.2.0 contienen un parche para solucionar el 
problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.11","matchCriteriaId":"1BF82095-AA7D-454F-9228-78EC4D8CD5CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"91456038-80B6-479B-BBDF-9376B9D2F100"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.2.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C62AC350-F938-43A2-B066-3CEF23B03C0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.2.0:beta1:*:*:*:*:*:*","matchCriteriaId":"B2E2A04B-A0E6-4906-BD91-91DAC92CC067"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"24D309D2-E86C-4222-B258-C09BEEF42CD2"},{"
vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"6613DB9B-E3F9-44CC-B46A-77739060B641"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.2.0:rc3:*:*:*:*:*:*","matchCriteriaId":"5C86A4B5-375A-4761-A853-AB0EED54A540"}]}]}],"references":[{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-jmv2-wfh5-h5wg","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}