Accognet

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions 3.0.0 beta releases prior to beta6 **Description** The issue concerns a web-based IT Service Management tool where the `ajax.render.php?operation=wizard helper` page did not properly escape user-supplied parameters, allowing for a cross-site scripting attack vector. Users are advised to upgrade as there are no known workarounds for this issue. **Recommendations** For versions 3.0.0 beta releases prior to beta6, upgrade to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the `ajax.render.php?operation=wizard helper` page until an upgrade is possible.