CVE-2021-32664

Published: Oct 19, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

Vendor	Product	Versions
Combodo	iTop	affected `< 2.6.5` affected `>= 2.7.0, < 2.7.5`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj

x_refsource_CONFIRM

https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704

x_refsource_MISC

https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a

x_refsource_MISC

https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-32664

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References