Skip to content

Unauthorized SSRF and reflected XSS -The attacker has the ability to make requests on behalf of the server

Moderate
piRGoif published GHSA-ghqc-r8f6-q9m9 Oct 19, 2021

Package

iTop

Affected versions

<2.6.5 <2.7.5

Patched versions

2.6.5, 2.7.5

Description

Impact

SSRF and reflected XSS attacks by calling setup with specific parameters

Patches

Fixed in 2.6.5 and 2.7.5 and later

References

Combodo ref N°3952 & N°3951

Credits

Many thanks to Kirill Seleznev / Kaspersky for this report !

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Moderate

CVE ID

CVE-2021-32663

Weaknesses

No CWEs