Impact
By modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb.
Patches
Fixed in 2.7.2 and 3.0.0
Credits
Many thanks to Cyblex Technologies (Clément Speybrouck, Antoine Vacher) for this report !
References
Combodo ref N°3332
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com
Impact
By modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb.
Patches
Fixed in 2.7.2 and 3.0.0
Credits
Many thanks to Cyblex Technologies (Clément Speybrouck, Antoine Vacher) for this report !
References
Combodo ref N°3332
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com