Vulnerability Description
Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to beta6, the `ajax.render.php?operation=wizard_helper` page did not properly escape the user-supplied parameters, allowing for a cross-site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Combodo | Itop | <= 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0 (Patch, Third Party Advisory)
- https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95 (Third Party Advisory)
FAQ
What is CVE-2021-41162?
CVE-2021-41162 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to beta6, the `ajax.render.php?operation=wizard_helper` page did not properly escape the user-supplied parameters, a...
How severe is CVE-2021-41162?
CVE-2021-41162 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-41162?
Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.