Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0 | Patch Third Party Advisory |
https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-04-21T16:45:13
Updated: 2022-04-21T16:45:13
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41162
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-21T17:15:07.757
Modified: 2022-04-28T19:02:45.663
Link: CVE-2021-41162
JSON object: View
Redhat Information
No data.
CWE