Vulnerability Details CVE-2021-32664
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.0%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 3.5
References
- https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
- https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
- https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
- https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj
- https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
- https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
- https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
- https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj