Vulnerabilities

CVE-2021-41162

by Fred · 21/04/2022

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.

Date published : 2022-04-21

https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95

https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0

Similar

Tags: Cybersecurity Alert