{"containers": {"cna": {"affected": [{"product": "iTop", "vendor": "Combodo", "versions": [{"status": "affected", "version": "< 2.6.5"}, {"status": "affected", "version": ">= 2.7.0, < 2.7.5"}]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on \"run query\" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T17:45:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6"}], "source": {"advisory": "GHSA-j758-ggwg-9mpj", "discovery": "UNKNOWN"}, "title": "Reflected XSS in Combodo/iTop", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32664", "STATE": "PUBLIC", "TITLE": "Reflected XSS in Combodo/iTop"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iTop", "version": {"version_data": [{"version_value": "< 2.6.5"}, {"version_value": ">= 2.7.0, < 2.7.5"}]}}]}, "vendor_name": "Combodo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on \"run query\" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj", "refsource": "CONFIRM", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj"}, {"name": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704", "refsource": "MISC", "url": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704"}, {"name": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a", "refsource": "MISC", "url": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a"}, {"name": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6", "refsource": "MISC", "url": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6"}]}, "source": {"advisory": "GHSA-j758-ggwg-9mpj", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:31.081Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32664", "datePublished": "2021-10-19T17:45:12", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.081Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*", "matchCriteriaId": "AAB96E6A-21B3-40F1-9833-629464EE4710", "versionEndExcluding": "2.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*", "matchCriteriaId": "CD3B1BB6-B0AB-49F6-A327-DAC73045502B", "versionEndExcluding": "2.7.5", "versionStartIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on \"run query\" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5."}, {"lang": "es", "value": "Combodo iTop es una herramienta de Administraci\u00f3n de Servicios de TI de c\u00f3digo abierto basada en la web. En las versiones afectadas se presenta una vulnerabilidad de tipo XSS en la p\u00e1gina \"run query\" cuando se inicia la sesi\u00f3n como administrador. Esto ha sido resuelto en versiones 2.6.5 y 2.7.5"}], "id": "CVE-2021-32664", "lastModified": "2024-11-21T06:07:29.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-19T18:15:07.853", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/4f5c987d8b1bd12814dc606ea69b6cfb88490704"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Combodo/iTop/commit/86f649affc12b5078efc86d9439d67d98f4cb2f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-j758-ggwg-9mpj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}