CVE-2021-41161
Summary
| CVE | CVE-2021-41161 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-21 17:15:00 UTC |
| Updated | 2022-05-04 19:10:00 UTC |
| Description | Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Combodo | Itop | All | All | All | All |
| Application | Combodo | Itop | 3.0.0 | beta | All | All |
| Application | Combodo | Itop | 3.0.0 | beta2 | All | All |
| Application | Combodo | Itop | 3.0.0 | beta3 | All | All |
| Application | Combodo | Itop | 3.0.0 | beta4 | All | All |
| Application | Combodo | Itop | 3.0.0 | beta5 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| XSS in csvimport in 3.0.0-beta versions · Advisory · Combodo/iTop · GitHub | CONFIRM | github.com | |
| N°4361 - XSS in csvimport on develop · Combodo/iTop@c8f3d23 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.