
XSS when displaying attached HTML file

High
piRGoif published GHSA-67x5-mqg4-rvgc Apr 5, 2022

Package

iTop (Sourceforge)

Affected versions

2.6.4, 2.7.5

Patched versions

2.7.6, 3.0.0

Description

Impact

When displaying HTML attachments, XSS is possible through scripts placed outside of script tags.
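As an added illustration (not iTop's code and not the project's fix), the following Python audit reports the script-capable markup that remains in an HTML attachment when only script elements are considered: inline event-handler attributes and `javascript:` URLs. The class and function names and the sample document are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# URL-valued attributes checked for a javascript: scheme (illustrative, not exhaustive).
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
# Browsers drop leading whitespace and embedded tab/newline characters before
# reading the scheme; removing all of it here is deliberately conservative.
_NOISE = re.compile(r"[\x00-\x20]+")


class ScriptSurfaceAudit(HTMLParser):
    """Collects (kind, tag, attribute) for every script-capable construct."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and decodes entities in attribute values.
        if tag == "script":
            self.findings.append(("script-tag", tag, ""))
        for name, value in attrs:
            if name.startswith("on"):  # onerror, onload, ... (may over-report)
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS:
                cleaned = _NOISE.sub("", value or "").lower()
                if cleaned.startswith("javascript:"):
                    self.findings.append(("javascript-url", tag, name))


def audit(html_text):
    parser = ScriptSurfaceAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


def outside_script_tags(html_text):
    """Findings that a filter removing only <script> elements leaves behind."""
    return [f for f in audit(html_text) if f[0] != "script-tag"]


# Constructed sample attachment, not taken from the advisory.
SAMPLE = """<html><body>
<script>notify(1)</script>
<img src="x.png" onerror="notify(2)">
<a href=" JavaScript:notify(3)">report</a>
<p>plain text</p>
</body></html>"""

if __name__ == "__main__":
    for finding in outside_script_tags(SAMPLE):
        print(finding)
```

A non-empty result from `outside_script_tags` means the attachment should not be rendered inline as-is, regardless of whether its script elements were removed.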

Patches

Fixed in 2.7.6, 3.0.0

References

Combodo ref N°4129

Credits

@ranjit-git / Huntr

For more information

Cross-site Scripting (XSS) - Stored vulnerability found in itop

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

High

CVE ID

CVE-2022-24811

Weaknesses

No CWEs
