{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.0.0-beta1" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.7.6" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta3" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta4" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta5" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "b190d0e385c3d9a0e447004e9a87a2863e508403" }, { "introduced": "0" }, { "last_affected": "94fdc79be58b298ff5d1215c3b6103c0b1f19fed" }, { "introduced": "0" }, { "last_affected": "aa9ab1ace5bf85fa4150fa9b0227382ee138817d" }, { "introduced": "0" }, { "last_affected": "007e1ded0db683e3459d70eb7665e166676a95f6" }, { "introduced": "0" }, { "last_affected": "8e0ae67803ee0289a161552d86f78c6c71529343" }, { "introduced": "0" }, { "last_affected": "f9fc85e763daa10cd553c983c01a3af451fa57d1" }, { "fixed": "83125d9ae16cfb2527b9d0ab0805a68b863244a0" } ], "repo": "https://github.com/combodo/itop", "type": "GIT" } ] } ], "details": "Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.", "id": "CVE-2021-41162", "modified": "2026-03-13T21:50:44.626187321Z", "published": "2022-04-21T17:15:07.757Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95" }, { "type": "FIX", "url": "https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0" } ], "related": [ "GHSA-w5jw-hfvp-gx95" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }