← volver
CVE-2021-41162

Cross-site Scripting in Combodo iTop

CVSS 9.3 CRITICALEPSS 0.6%CWE-79
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Productos afectados
Combodo · iTop

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95