CVE-2021-32664

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*

History

22 Oct 2021, 20:45

Type Values Removed Values Added
References (MISC) https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a - (MISC) https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a - Patch, Third Party Advisory
References (CONFIRM) https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj - (CONFIRM) https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj - Third Party Advisory
References (MISC) https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6 - (MISC) https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6 - Patch, Third Party Advisory
References (MISC) https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704 - (MISC) https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704 - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : 8.1
v2 : 3.5
v3 : 4.8
CPE cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*

19 Oct 2021, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-19 18:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-32664

Mitre link : CVE-2021-32664

CVE.ORG link : CVE-2021-32664


JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')