CVE-2025-47932 HIGH

CVE-2025-47932: Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard

Vendor Combodo
Product iTop
Weakness CWE-79 · XSS
Published November 10, 2025
Last update November 10, 2025

CVSS base score 8.8/10 (High)

Attack vector      Network
Attack complexity  Low
Privileges required None
User interaction   Required
Scope              Unchanged
Confidentiality    High
Integrity          High
Availability       High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to reflected cross-site scripting when a dashboard is rendered via an AJAX call (the render_dashboard operation of ajax.render.php): a request variable is written into the returned HTML without being escaped. As with any reflected XSS, the attacker needs no account of their own (PR:N) but must get a logged-in user to open a crafted link (UI:R); the injected script then runs with that user's iTop session. Versions 2.7.13 and 3.2.2 sanitize the variable responsible for the attack.
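The pattern behind a CWE-79 finding of this kind, as an added illustration that is not Combodo's code and not taken from the iTop fix: a dashboard-rendering function that echoes a request value straight into its HTML, next to the same function with the value escaped for an HTML body context. The parameter name `title`, the function names and the probe string are constructed for this demo; the real endpoint, parameter and payload are not described on this page.

```php
<?php
// Added example for this CVE record; not Combodo iTop source.
// Assumption: a dashboard-rendering endpoint concatenates a request
// parameter into the HTML it returns. The parameter name "title" and
// the probe value below are constructed for illustration only.

declare(strict_types=1);

/** Vulnerable form: the request value is concatenated into HTML unchanged. */
function render_dashboard_vulnerable(array $query): string
{
    $title = $query['title'] ?? 'Dashboard';
    return '<div class="dashboard"><h1>' . $title . '</h1></div>';
}

/** Fixed form: the request value is HTML-escaped before it reaches the markup. */
function render_dashboard_fixed(array $query): string
{
    $title = $query['title'] ?? 'Dashboard';
    // ENT_QUOTES also escapes ' and ", so the same helper is safe inside
    // attribute values; ENT_SUBSTITUTE keeps invalid UTF-8 from emptying the output.
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="dashboard"><h1>' . $safe . '</h1></div>';
}

/** True when the rendered HTML still carries an executable script element. */
function contains_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed reflected-XSS probe (a harmless marker, not an exploit payload).
$query = ['title' => '<script>alert(document.domain)</script>'];

$before = render_dashboard_vulnerable($query);
$after  = render_dashboard_fixed($query);

printf("vulnerable: %s\n  script executable: %s\n", $before, contains_script($before) ? 'yes' : 'no');
printf("fixed:      %s\n  script executable: %s\n", $after, contains_script($after) ? 'yes' : 'no');
```

Run with `php render_dashboard_demo.php`: the vulnerable branch returns the `<script>` element verbatim, the fixed branch returns `&lt;script&gt;…&lt;/script&gt;`, which a browser displays as text. Two caveats when checking a fix like the one shipped in 2.7.13 and 3.2.2: escaping must match the output context (HTML body here; a value placed inside a JavaScript string or a URL needs a different encoder), and an AJAX endpoint is still reachable by a top-level navigation, so a `text/html` response that reflects a parameter is exploitable by simply sending the victim the link.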

Key dates

02 Disclosure timeline

November 10, 2025 CVE published
November 10, 2025 Record updated