Lucene search

[email protected]NVD:CVE-2020-15221

HistoryJan 13, 2021 - 5:15 p.m.

CVE-2020-15221

2021-01-1317:15:12

CWE-79

[email protected]

web.nvd.nist.gov

itop

xss

vulnerability

fixed

versions

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.

Affected configurations

Nvd

Node

combodoitopRange<2.7.2

combodoitopMatch3.0.0alpha

VendorProductVersionCPE
combodoitop*cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
combodoitop3.0.0cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*

Vendor	Product	Version	CPE
combodo	itop	*	cpe:2.3:a:combodo:itop::::::::
combodo	itop	3.0.0	cpe:2.3:a:combodo:itop:3.0.0:alpha::::::

References

github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2020-15221

osv1 cve1 cvelist1 prion1