CRITICAL🇵🇱 Wersja polska

CVE-2021-41161

CVSS 9.3v3.1pub. 2022-04-21upd. 2024-11-21

Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
  • Combodo Itop

    APP
    Combodo
    3.0.0< 3.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-48710CRITICAL9.8PL ✓ten sam produkt

Combodo iTop: nieautoryzowany dostęp do plików z folderu env-production

CVE-2022-39214CRITICAL9.6ten sam produkt

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1,...

CVE-2021-41162CRITICAL9.3ten sam produkt

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render...

CVE-2025-47286HIGH8.6ten sam produkt

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrato...

CVE-2025-47773HIGH8.8ten sam produkt

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to c...