Vulnerability Details CVE-2021-32664
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 3.5
References
- https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
- https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
- https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
- https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj
- https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
- https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
- https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
- https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj