CVE-2021-32664

Опубликовано: 19 окт. 2021

Источник: nvd

CVSS3: 8.1

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

Ссылки

https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
Patch
Third Party Advisory
https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
Patch
Third Party Advisory
https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
Patch
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj
Third Party Advisory
https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704
Patch
Third Party Advisory
https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
Patch
Third Party Advisory
https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6
Patch
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*

Версия до 2.6.5 (исключая)

cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*

Версия от 2.7.0 (включая) до 2.7.5 (исключая)

EPSS

Процентиль: 62%

0.00423

Низкий

8.1 High

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 62%

0.00423

Низкий

8.1 High

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79