VYPR
Unrated severityNVD Advisory· Published Apr 21, 2022· Updated Apr 23, 2025

Cross-site Scripting in Combodo iTop

CVE-2021-41162

Description

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizard_helper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Combodo/Itopllm-fuzzy2 versions
    >=3.0.0-beta, <3.0.0-beta6+ 1 more
    • (no CPE)range: >=3.0.0-beta, <3.0.0-beta6
    • (no CPE)range: >= 3.0.0-beta, < 3.0.0-beta6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.