In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
},
{
"fixed": "2.7.0"
}
],
"cpe": [
"cpe:2.3:a:combodo:itop:*:*:*:*:essential:*:*:*",
"cpe:2.3:a:combodo:itop:*:*:*:*:professional:*:*:*",
"cpe:2.3:a:combodo:itop:*:*:*:*:community:*:*:*"
],
"source": "CPE_RANGE"
}