
XSS in csvimport in 3.0.0-beta versions

Critical
piRGoif published GHSA-788f-g6g9-f8fc Apr 21, 2022

Package

iTop (SourceForge)

Affected versions

None (3.0.0-beta)

Patched versions

>=3.0.0-beta6

Description

Impact

The export CSV page does not properly escape the parameters passed to it, allowing XSS.
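The class of bug described above, shown as an added illustration that is not iTop code and not the actual fix: a page that writes request parameters back into its HTML, first unescaped and then validated and escaped. The parameter names (`separator`, `text_qualifier`), the function names and the sample request are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample request; parameter names are hypothetical, not iTop's.
$request = [
    'separator'      => ';',
    'text_qualifier' => '"><b>injected</b>',
];

// Before: values are concatenated into attributes as received, so a quote
// in the value ends the attribute and the rest is parsed as markup.
function render_unescaped(array $p): string
{
    return '<input name="separator" value="' . $p['separator'] . '">' . "\n"
         . '<input name="text_qualifier" value="' . $p['text_qualifier'] . '">';
}

// Escape for HTML text and quoted-attribute context. ENT_QUOTES matters here:
// a legitimate CSV text qualifier is itself a quote character.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read a parameter as a string from an allow-list, else use the default.
// Request values may arrive as arrays (name[]=...), hence the is_string check.
function param(array $p, string $name, array $allowed, string $default): string
{
    $v = $p[$name] ?? $default;
    return (is_string($v) && in_array($v, $allowed, true)) ? $v : $default;
}

// After: validate on input, escape on output.
function render_escaped(array $p): string
{
    $sep  = param($p, 'separator', [',', ';', "\t", '|'], ',');
    $qual = param($p, 'text_qualifier', ['"', "'"], '"');
    return '<input name="separator" value="' . h($sep) . '">' . "\n"
         . '<input name="text_qualifier" value="' . h($qual) . '">';
}

echo render_unescaped($request), "\n\n", render_escaped($request), "\n";
```

In the second output the rejected qualifier falls back to `"` and is emitted as `&quot;`, so the attribute stays closed only where the template closes it.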

Patches

Fixed in 3.0.0 (October 2021)

References

Combodo ref N°4361

Credits

Redshell (https://github.com/RedShellSec)

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Critical

CVE ID

CVE-2021-41161

Weaknesses

No CWEs
