CVE-2021-32664

Summary

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.6.5affected
CombodoiTop>= 2.7.0, < 2.7.5affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References