Описание
Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.11 (исключая)Версия от 3.0.0 (включая) до 3.1.2 (исключая)
Одно из
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
7.1 High
CVSS3
5.4 Medium
CVSS3
7.1 High
CVSS3
Дефекты
CWE-79
CWE-79
EPSS
Процентиль: 57%
0.00349
Низкий
7.1 High
CVSS3
5.4 Medium
CVSS3
7.1 High
CVSS3
Дефекты
CWE-79
CWE-79