{"id":"CVE-2021-41162","details":"Combodo iTop is a web-based IT Service Management tool. In 3.0.0 beta releases prior to beta6, the `ajax.render.php?operation=wizard_helper` page did not properly escape the user-supplied parameters, allowing for a cross-site scripting (XSS) attack vector. Users are advised to upgrade. There are no known workarounds for this issue.","modified":"2026-04-10T04:38:17.202390Z","published":"2022-04-21T17:15:07.757Z","related":["GHSA-w5jw-hfvp-gx95"],"references":[{"type":"ADVISORY","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-w5jw-hfvp-gx95"},{"type":"FIX","url":"https://github.com/Combodo/iTop/commit/83125d9ae16cfb2527b9d0ab0805a68b863244a0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"0"},{"last_affected":"b190d0e385c3d9a0e447004e9a87a2863e508403"},{"introduced":"0"},{"last_affected":"94fdc79be58b298ff5d1215c3b6103c0b1f19fed"},{"introduced":"0"},{"last_affected":"aa9ab1ace5bf85fa4150fa9b0227382ee138817d"},{"introduced":"0"},{"last_affected":"007e1ded0db683e3459d70eb7665e166676a95f6"},{"introduced":"0"},{"last_affected":"8e0ae67803ee0289a161552d86f78c6c71529343"},{"introduced":"0"},{"last_affected":"f9fc85e763daa10cd553c983c01a3af451fa57d1"},{"fixed":"83125d9ae16cfb2527b9d0ab0805a68b863244a0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.6"},{"introduced":"0"},{"last_affected":"3.0.0-beta"},{"introduced":"0"},{"last_affected":"3.0.0-beta2"},{"introduced":"0"},{"last_affected":"3.0.0-beta3"},{"introduced":"0"},{"last_affected":"3.0.0-beta4"},{"introduced":"0"},{"last_affected":"3.0.0-beta5"}]}}],"versions":["1.0.8","2.6.1","2.6.2","2.6.3","2.7.0-alpha1","2.7.0-beta","2.7.0-beta2","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","3","3.0.0-alpha","3.0.0-beta","3.0.0-beta2","3.0.0-beta3","3.0.0-beta4","3.0.0-beta5","N1963","N2011","N2016","N941","N941-2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affecte
d":"3.0.0-beta1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41162.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}