← voltar
CVE-2021-41162

Cross-site Scripting in Combodo iTop

CVSS 9.3 CRITICALEPSS 0.6%CWE-79
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Produtos afetados
Combodo · iTop

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95