CVE-2021-41161

Опубликовано: 21 апр. 2022

Источник: nvd

CVSS3: 9.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.

Ссылки

https://github.com/Combodo/iTop/commit/c8f3d23d30c018bc44189b38fa34a5fffb4edb22
Patch
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-788f-g6g9-f8fc
Third Party Advisory
https://github.com/Combodo/iTop/commit/c8f3d23d30c018bc44189b38fa34a5fffb4edb22
Patch
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-788f-g6g9-f8fc
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00311

Низкий

9.3 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 54%

0.00311

Низкий

9.3 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79