{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T22:39:14.369","vulnerabilities":[{"cve":{"id":"CVE-2021-41161","sourceIdentifier":"security-advisories@github.com","published":"2022-04-21T17:15:07.557","lastModified":"2024-11-21T06:25:38.083","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6, the export CSV page does not properly escape user-supplied parameters, allowing JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue."},{"lang":"es","value":"Combodo iTop es una herramienta de administración de servicios de TI basada en la web. En versiones anteriores a 3.0.0-beta6, la página de exportación de CSV no escapa correctamente los parámetros suministrados por el usuario, permitiendo una inyección de JavaScript en los archivos CSV renderizados. Se recomienda a los usuarios actualizar. 
No se presentan medidas de mitigación conocidas para este problema"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"E68EC878-50DD-46DD-B59D-9D9F7F866DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.0.0:beta
:*:*:*:*:*:*","matchCriteriaId":"DD7E6A6A-9B1D-4BA7-9A58-ACEE1ABC46EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"AF68C176-A8C3-4C88-A344-74CB0E682987"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"997A26DD-11A4-4D9F-8F6C-845068AE605C"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"06061D47-3252-4ED4-9423-600027D39551"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"A5DFEEA5-6FB7-4583-A13C-B2EE74502B81"}]}]}],"references":[{"url":"https://github.com/Combodo/iTop/commit/c8f3d23d30c018bc44189b38fa34a5fffb4edb22","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-788f-g6g9-f8fc","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Combodo/iTop/commit/c8f3d23d30c018bc44189b38fa34a5fffb4edb22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-788f-g6g9-f8fc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}