Lucene search

TwcertCVELIST:CVE-2020-12778

HistoryAug 10, 2020 - 2:45 a.m.

CVE-2020-12778 Combodo iTop - Reflected XSS

2020-08-1002:45:38

twcert

www.cve.org

combodo itop

reflected xss

input parameters

vulnerability

attack

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

29.3%

JSON

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.

CNA Affected

[
  {
    "product": "iTop",
    "vendor": "Combodo",
    "versions": [
      {
        "lessThanOrEqual": "2.7.0-beta2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv

www.twcert.org.tw/tw/cp-132-3834-591e2-1.html

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

29.3%

JSON

Related for CVELIST:CVE-2020-12778