Reflected XSS with Administrator credentials

Moderate
piRGoif published GHSA-j758-ggwg-9mpj Oct 19, 2021

Package

iTop

Affected versions

< 2.6.5, < 2.7.5

Patched versions

2.6.5, 2.7.5

Description

Impact

There is an XSS vulnerability on the "run query" page when logged in as administrator.

Patches

Fixed in 2.6.5 and 2.7.5

References

Combodo ref N°4002

Credits

Many thanks to Sandoval Raúl / Rogue Security for this report!

For more information

If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com

Severity

Moderate

CVE ID

CVE-2021-32664

Weaknesses

No CWEs