CVE-2021-32664
published 2021-10-19CVE-2021-32664: Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as…
PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.81%
52.2th percentile
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| combodo | itop | < 2.6.5 | 2.6.5 |
| combodo | itop | — | — |
| combodo | itop | >= 2.7.0 < 2.7.5 | 2.7.5 |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88ahttps://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpjhttps://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88ahttps://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj
2021-10-19
Published