Kyokito1412

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.11 Combodo iTop versions prior to 3.1.2 Combodo iTop versions prior to 3.2.0 Description: Combodo iTop is an open source and web-based IT service management platform. The platform has a cross-site scripting issue that can lead to cross-site request forgery on the ` table id` parameter. Recommendations: For versions prior to 2.7.11, upgrade to version 2.7.11 to protect your environment. For versions prior to 3.1.2, upgrade to version 3.1.2 to protect your environment. For versions prior to 3.2.0, upgrade to version 3.2.0 to protect your environment.

**Name of the Vulnerable Software and Affected Versions** Formwork versions prior to 1.13.1 **Description** Formwork is a flat file-based Content Management System (CMS) that allows an attacker with administrator privileges to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). The issue is a Stored XSS vulnerability, which enables attackers to inject malicious JavaScript or HTML through a crafted payload, achieving persistence and potentially attacking numerous visitors. **Recommendations** For versions prior to 1.13.1, update to Formwork 1.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /panel/options/site endpoint to minimize the risk of exploitation. Additionally, avoid using the description field in the site options to prevent potential injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Formwork versions prior to 1.13.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field. Users with access to the administration panel with page editing permissions could insert `<script>` tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. **Recommendations** For versions prior to 1.13.0, update to Formwork 1.13.0 or later, which includes a patch that solves this vulnerability by introducing the `content.safe mode` system config option to control whether HTML tags and potentially dangerous links are escaped. As a temporary workaround, consider restricting access to the administration panel to a controlled group of editors to minimize the risk of exploitation.