CVE-2020-12778

Published: Aug 10, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.

Affected (12)

Products: Combodo: Itop

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 2.7.1
Combodo Itop	Version 3.0.0 alpha
Combodo Itop	Version 3.0.0 beta1
Combodo Itop	Version 3.0.0 beta2
Combodo Itop	Version 3.0.0 beta3
Combodo Itop	Version 3.0.0 beta4
Combodo Itop	Version 3.0.0 beta5
Combodo Itop	Version 3.0.0 beta6
Combodo Itop	Version 3.0.0 beta7
Combodo Itop	Version 3.0.0 beta8
Combodo Itop	Version 3.0.0 beta
Combodo Itop	Version 3.0.0 rc

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.