acognet

3 exploits Active since Oct 2021
CVE-2021-32663 WRITEUP HIGH WRITEUP
iTop <2.6.5, <2.7.5 - SSRF
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
CVSS 8.7
CVE-2021-41161 WRITEUP CRITICAL WRITEUP
Combodo iTop <3.0.0-beta6 - XSS
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 9.3
CVE-2021-41162 WRITEUP CRITICAL WRITEUP
Combodo iTop <3.0.0 beta6 - XSS
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 9.3